You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: references/workspace/user-attributes.mdx
+11-3Lines changed: 11 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -54,7 +54,7 @@ User attributes can be used in these specific contexts within the model.yaml fil
54
54
55
55
User attributes can also be used in:
56
56
57
-
-**Chart filter values** - Filter charts dynamically based on the logged-in user
57
+
-**Chart and dashboard filter values** - Filter charts and dashboards dynamically based on the logged-in user
58
58
59
59
<Info>
60
60
User attributes cannot currently be referenced inside`sql:` tags within the model YAML files.
@@ -111,9 +111,9 @@ When referencing user attributes in SQL you can use the following [SQL variables
111
111
If you are self hosting you can enable [SMTP](/self-host/customize-deployment/configure-smtp-for-lightdash-email-notifications) or [SSO](/self-host/customize-deployment/use-sso-login-for-self-hosted-lightdash) authentication to allow users to verify their email address.
112
112
</Info>
113
113
114
-
### Using user attributes in chart filter values
114
+
### Using user attributes in chart and dashboard filter values
115
115
116
-
You can reference user attributes directly in chart filter values to create dynamic filters based on the logged-in user. This is useful for creating charts that automatically filter to show only data relevant to the current user.
116
+
You can reference user attributes directly in chart and dashboard filter values to create dynamic filters based on the logged-in user. This is useful for creating charts and dashboards that automatically filter to show only data relevant to the current user.
117
117
118
118
To use a user attribute in a filter value, enter one of the following references:
119
119
@@ -122,12 +122,20 @@ To use a user attribute in a filter value, enter one of the following references
122
122
123
123
For example, if you have a chart showing sales data and you want each user to only see their own records, you can add a filter where `sales_rep_email` is equal to `${lightdash.user.email}`. When the chart runs, the filter value will be replaced with the actual email of the logged-in user.
124
124
125
+
The same references work on dashboard filters, so a single dashboard can be shared with many users and each will only see the rows relevant to them.
126
+
127
+
128
+
125
129
Similarly, you can use custom attributes like `${lightdash.attribute.country}` to filter data based on a user's assigned region or department.
126
130
127
131
<Info>
128
132
If a user attribute referenced in a filter value is not set for the current user, the query will return a `Forbidden` error.
129
133
</Info>
130
134
135
+
<Warning>
136
+
Chart and dashboard filters are **not a security boundary**. Any user with edit access to the chart or dashboard can remove or change the filter and see the underlying rows. If you need to actually restrict which rows a user can query, use [row filtering with `sql_filter`](#row-filtering-with-sql%5Ffilter) in your dbt model — that runs on the warehouse and cannot be bypassed from the UI.
137
+
</Warning>
138
+
131
139
### Row filtering with `sql_filter`
132
140
133
141
Row-level security (RLS) in Lightdash is implemented using the `sql_filter` property combined with user attributes. This allows you to restrict which rows each user can see based on their attributes.
0 commit comments