Lookup Tables for RLS
Row level security filters with any user attribute.
Row Level Security (RLS)
Row Level Security allows you to control access to data in a database by row, so that a logged in user can only view the data they are authorized for. You will be able to control “Who sees what in the chart?” by including a RLS filter to the question.
For example, let’s consider the question “Performance statistics per employee”. With a RLS filter, you can control the resulting data for this question so that the logged in user would only see their performance statistics as opposed to seeing statistics for all employees.
With Zing Data, the user’s email, username, or ID can be used for dynamic user-specific filtering. Support for other user attributes can be provided based on your requirement. Reach out to our team to integrate other user attributes.
Row Level Security Use Cases
- Employee based RLS - A user can only see information they own/responsible for or tied to (most common filters are email, user ID or username)
- Department based RLS - A user can only see information for the company, department or unit they belong to.
- Role based RLS - A user can only see information assigned to their role (E.g: Manager, Customer, Engineer, etc.)
- Location based RLS - A user can only see information of their specific region or city.
Setting up RLS with Zing Data
Pre-requisites
- Create a data source.
- The tables in your datasource should have a field where a RLS filter can applied on. (E.g: user ID, user name, user email, etc.)
Steps
- Ask a question on your Zing Data mobile app or web app.
- Create an additional filter for RLS on the field you require RLS filtering on. This can be done via the Visual Query Builder or via Custom SQL.
- Visual Query Builder
- Custom SQL
- Visual Query Builder
- The format of the filter should includer zing.user before the name of the filter. For example, to filter by email, the RLS filter should be {{zing.user.email}}.
The resulting chart for a query with RLS filtering will have different results based on the logged in user. By excluding certain data from the dataset based on the logged in user would reduce access of data by users who are unauthorized to view them.
