Security - Data Filter using username
Hi all,
We have to solve a common question, but I'm not able to find any documentation entry that solves it. We need to reference the username logged in at Sisense in runtime to use this to build data filters. In others BI software, we are able to manage user logged in (or groups or other user/group features) by session variables that we can reference in data filters in order to solve security restrictions, instead of manually creating a data filter for each user/group manually. For example, we need to make a data filter that makes something like this: table.groupname = [:user_group].
How Sisense manage user/group names and this attributes at runtime?
Thanks in advance
-
We have used Data Security to accomplish the same thing. We have a table that drives what a user can see and then we set up the data security on that field for that person during SSO. If you aren't using SSO, you can do it manually through the interface.
0 -
I really don't understand how you can do it using the interfce, Could you please put a simple example?
Thanks in advance!
0 -
What I meant by "manually through the interface" was assign the data security to a user.
For example, add a table to your cube named "Security". In the Security table, have a column for the username and group name. Add a row for every user in your system with their username and group. In Data Security for the cube (or Elasticube set if you are using sets), add a Data Security field and select group from the Security table. Set Everyone to see "Nothing".
For each user, you then add a restriction that is username and pick their username from the list. This is the portion that I said you can do in SSO. We are doing that with our API calls as we go.
Then create a relationship between the Security table and your fact tables on the Group field.
Once this was implemented through our SSO, it works really well and takes no maintenance on our part. We use it for our multi-tenant implementation.
See https://documentation.sisense.com/security/ for more detail.
I hope that helps!
1 -
Thank you so much Malinda!
0 -
But I still don't know how to manage this at runtime. I don't want to do in the web interface manually, because if I have 400 users, it's not operative. I need to manage it automatcally. Some other software manage session variables that stores username, group or others. So with it, you can manage the conceptp of user or group in data filters. How Sisense manage it?
Thanks a lot
0 -
How are you provisioning your users? We provision our users through SSO, so the code that creates the user decides what groups they are in and then issues the API calls to add them to the group, add their data security, etc.. You can try it out in a small cube. We also use those groups to define which dashboards they can see. You can set the data security for a group as well, so you only have to make sure they are in the right group. The data security will change the filters on the page to display only data they have been given access to. We have over 5000 users and have data security set up for each of them on a couple of fields in several cubes.
Malinda
0 -
Thanks a lot Melinda, could you share the code that do what you explain in your last post?
Thanks a lot!
0
Please sign in to leave a comment.
Comments
7 comments