Filter query results using user's attributes (permissions)


Description: What is it?

Based on a user’s permissions and attributes, a user should only be allowed to see certain rows and not others (kind of like row-level security, but with permission-level filtering added in there too). A user should be able to, on a model/explore level, define what column should be used to determine permissions, and then what aspect of the user should be used to match against that column.

Problem: What problem does this solve?

As user counts and types grow, it is important to be able to restrict the data that a user can see at a more granular level than a dataset. For example, if I have users in different states, I want to restrict what they can see to only the data in their state.

(Optional) Why: How do we know this is a real problem and worth solving?

Success: How will we know if we’ve solved this problem?

The data that a user can see is limited to the data that some set of rules say they can.

Audience: Who are we building this for?

The functionality would be built to be used by data builders, but would impact data consumers.

What: Roughly, what does this look like in the product?

On a dbt model (in the yml), define an access filter (or set of access filters) for a given model. Having the controls sit with the data is very important, as any change to the data could have a big impact on the security, so having this info live with the dbt yml makes sense. For example, it could look something like:

access_filter:
    field: region_code
    user_attribute: region

This filter states that Lightdash should restrict the ability to see the data in this model where the user's region equals the field region_code on this dataset.

For a flow, you would define the access controls for each model in the yml, which then get parsed by the Lightdash parser; then, when Lightdash constructs the query for that model, it uses those parsed access controls to add on where statements to the query that restrict the data returned. For example, the above access filter would add where data.region_code = user.region automatically to all queries run by the users (queries either backing a dashboard or an explore).

Issue Analytics

  • State: open
  • Created: 2 years ago
  • Reactions: 1
  • Comments: 6 (3 by maintainers)
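
The query rewrite proposed in the issue, as an added example that is not part of the issue or Lightdash's code. The function name, the Postgres-style `$n` placeholders and the sample data are assumptions; it wraps the compiled query so an `OR` in the user's own filters cannot widen the result, binds the user attribute as a parameter, and returns no rows when the attribute is missing.

```typescript
// Added example; all names are hypothetical, not Lightdash's API.
type AccessFilter = { field: string; user_attribute: string };
type FilteredQuery = { sql: string; params: string[] };

// Wrap the compiled query and append one bound predicate per access filter.
function applyAccessFilters(
    compiledSql: string,
    modelColumns: string[],
    filters: AccessFilter[],
    userAttributes: Record<string, string | undefined>,
): FilteredQuery {
    const predicates: string[] = [];
    const params: string[] = [];
    for (const filter of filters) {
        // The field name comes from the dbt yml and is spliced into SQL text:
        // accept it only if it is a known model column and a plain identifier.
        const known = modelColumns.indexOf(filter.field) !== -1;
        if (!known || !/^[A-Za-z_][A-Za-z0-9_]*$/.test(filter.field)) {
            throw new Error(`access_filter field is not a model column: ${filter.field}`);
        }
        const value = userAttributes[filter.user_attribute];
        if (value === undefined || value === '') {
            // Fail closed: a user without the attribute sees no rows.
            return { sql: `SELECT * FROM (${compiledSql}) AS data WHERE 1 = 0`, params: [] };
        }
        // The user's value is bound as a parameter, never concatenated.
        params.push(value);
        predicates.push(`data."${filter.field}" = $${params.length}`);
    }
    const where = predicates.length > 0 ? ` WHERE ${predicates.join(' AND ')}` : '';
    return { sql: `SELECT * FROM (${compiledSql}) AS data${where}`, params };
}

// Constructed sample input mirroring the access_filter shown in the issue.
const sampleFilters: AccessFilter[] = [{ field: 'region_code', user_attribute: 'region' }];
const sampleColumns = ['order_id', 'region_code', 'amount'];
const exploreSql = "SELECT order_id, region_code, amount FROM orders WHERE amount > 10 OR status = 'open'";

// A hostile attribute value stays inert because it is only ever a bound parameter.
const scoped = applyAccessFilters(exploreSql, sampleColumns, sampleFilters, { region: "CA' OR '1'='1" });
// A user with no region attribute gets the deny-all query.
const denied = applyAccessFilters(exploreSql, sampleColumns, sampleFilters, {});
console.log(scoped.sql, scoped.params);
console.log(denied.sql);
```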

Top GitHub Comments

2 reactions
thedataguy-official commented, Sep 11, 2022

This sounds like a request for “row level security”.

Tableau’s implementation of RLS

1 reaction
scarrucciu commented, Jan 27, 2022

@TuringLovesDeathMetal thanks for the comment, will add more thoughts to the first comment as well, but this would be your option 1, the restriction for a user to only see certain rows and not others.
