Row Level Security (RLS)

Row Level Security allows you to control access to data in a database by row, so that a logged-in user can only view the data they are authorized for. You can control “Who sees what in the chart?” by adding an RLS filter to the question.

For example, consider the question “Performance statistics per employee”. With an RLS filter, you can restrict the resulting data for this question so that the logged-in user sees only their own performance statistics rather than statistics for all employees.

With Zing Data, the user’s email, username, or ID can be used for dynamic user-specific filtering. Support for other user attributes can be provided based on your requirements. Reach out to our team to integrate other user attributes.

Row Level Security Use Cases

  1. Employee based RLS - A user can only see information they own, are responsible for, or are tied to (the most common filters are email, user ID or username).
  2. Department based RLS - A user can only see information for the company, department or unit they belong to.
  3. Role based RLS - A user can only see information assigned to their role (e.g. Manager, Customer, Engineer).
  4. Location based RLS - A user can only see information for their specific region or city.

Setting up RLS with Zing Data

Pre-requisites

  • Create a data source with a lookup table.

  • The lookup table in your data source should have an email field (which is the lookup key for logged-in users in Zing), along with any other attributes you’d like in your lookup table.

Two RLS options

 

If you’re using question-level RLS

  1. Go to your data source in Zing Console and select the ‘Row Level Security’ tab

  2. Activate RLS with the toggle on the right

  3. Select the lookup table and field

  4. Create an additional filter for RLS on the field you require RLS filtering on. This can be done via the Visual Query Builder or via Custom SQL.

     

    • Query Builder
    • Custom SQL
    • The format of the filter should include zing.user before the name of the filter. For example, to filter by email, the RLS filter should be {{zing.user.email}}.
    • The resulting chart for a query with RLS filtering will show different results depending on the logged-in user.

If you’re using centralized RLS

  1. Go to your data source in Zing Console and select the ‘Row Level Security’ tab

  2. Activate RLS with the toggle on the right

  3. Select the lookup table and field

  4. Select one of the available tables and enter a SQL expression into the input box that will be used to filter rows. It should evaluate to TRUE for a given row to be accessible to a user.

    You can add RLS configurations at the table level using a mix of the lookup attributes or conditions.

    An example RLS condition could be: email = '{{user.email}}' OR ('{{user.Role}}' = 'Manager' AND '{{user.Office_Location}}' = 'Boston')
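
The example condition above, evaluated per user in a local SQLite model (an added example, not Zing Data's code or a description of its internals). The table names `user_lookup` and `performance`, the sample rows, the use of bind parameters in place of the `{{user.X}}` placeholders, and the choice that a user missing from the lookup table sees no rows are all assumptions of this example.

```python
import sqlite3

# Constructed sample data: a lookup table keyed by email, and a table to protect.
SCHEMA = """
CREATE TABLE user_lookup (email TEXT PRIMARY KEY, Role TEXT, Office_Location TEXT);
CREATE TABLE performance (id INTEGER PRIMARY KEY, email TEXT, score INTEGER);
INSERT INTO user_lookup VALUES
  ('ana@example.com', 'Engineer', 'Boston'),
  ('bo@example.com',  'Manager',  'Boston'),
  ('cy@example.com',  'Manager',  'Austin');
INSERT INTO performance (email, score) VALUES
  ('ana@example.com', 91), ('bo@example.com', 78), ('cy@example.com', 85);
"""

# The page's example condition, with each {{user.X}} placeholder written as a
# named bind parameter so attribute values are never spliced into the SQL text.
RLS_CONDITION = ("email = :email OR "
                 "(:Role = 'Manager' AND :Office_Location = 'Boston')")


def make_db():
    """Build the in-memory database with the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def visible_rows(db, login_email):
    """Return the performance rows the logged-in user may see."""
    row = db.execute(
        "SELECT email, Role, Office_Location FROM user_lookup WHERE email = ?",
        (login_email,)).fetchone()
    if row is None:
        return []  # assumption: no lookup entry means no rows (fail closed)
    attrs = dict(zip(("email", "Role", "Office_Location"), row))
    query = ("SELECT email, score FROM performance "
             f"WHERE {RLS_CONDITION} ORDER BY id")
    return db.execute(query, attrs).fetchall()


if __name__ == "__main__":
    db = make_db()
    for who in ("ana@example.com", "bo@example.com",
                "cy@example.com", "eve@example.com"):
        print(who, "->", visible_rows(db, who))
```

The Boston manager sees every row, while the Austin manager and the engineer see only their own, which is a quick way to confirm an OR branch is not broader than intended before enabling the condition.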


Lookup Tables for RLS

Row level security filters with any user attribute.

Centralized RLS Setup

Centralized Row Level Security in Zing lets you control what data each user can see based on that user’s attributes and conditions you specify.