Row Level Security for Embedded Charts
Filter your chart based on who views it.
Row Level Security allows you to control access to data in a database by row, so that a logged in user can only view the data they are authorized for. You will be able to control “Who sees what in the chart?” by including a RLS filter to the question.
Steps
- Ask a question via the Zing Web App or Mobile App with a Row Level Security filter. Refer this guide for more information on how to create a question with an RLS filter.
- Embed the chart by following the steps under the Setup and Preparation and the Integration sections.
- Send the logged in user’s data when creating a session with Zing via your backend code. The information sent in the payload will be used for RLS filtering.
An example of how to create a session token in NodeJS is shown below.
const url = 'https://console.getzingdata.com/api/v1/embed-sessions';
const payload = {
userData: {
email: loggedInUserEmail,
role: loggedInUserRole,
username: loggedInUserUsername,
name: loggedInUserName,
},
};
const options = {
headers: {
'Content-Type': 'application/json',
'x-zingdata-api': ZING_API_KEY,
},
};
const response = await axios.post(url, payload, options);
const oneTimeSessionToken = response.data.token;
How to use this one-time token is explained in the Integration steps.
That’s it. 🎉
The resulting chart for a query with RLS filtering will have different results based on the logged in user in your application. By excluding certain data from the dataset based on the logged in user would reduce access of data by users who are unauthorized to view them.
