This the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Row Level Security (RLS)

Row Level Security allows you to control access to data in a database by row, so that a logged in user can only view the data they are authorized for. You will be able to control “Who sees what in the chart?” by including a RLS filter to the question.

For example, let’s consider the question “Performance statistics per employee”. With a RLS filter, you can control the resulting data for this question so that the logged in user would only see their performance statistics as opposed to seeing statistics for all employees.

With Zing Data, the user’s email, username, or ID can be used for dynamic user-specific filtering. Support for other user attributes can be provided based on your requirement. Reach out to our team to integrate other user attributes.

Row Level Security Use Cases

  1. Employee based RLS - A user can only see information they own/responsible for or tied to (most common filters are email, user ID or username)
  2. Department based RLS - A user can only see information for the company, department or unit they belong to.
  3. Role based RLS - A user can only see information assigned to their role (E.g: Manager, Customer, Engineer, etc.)
  4. Location based RLS - A user can only see information of their specific region or city.

Setting up RLS with Zing Data

Pre-requisites

  • Create a data source.
  • The tables in your datasource should have a field where a RLS filter can applied on. (E.g: user ID, user name, user email, etc.)

Steps

  • Ask a question on your Zing Data mobile app or web app.
  • Create an additional filter for RLS on the field you require RLS filtering on. This can be done via the Visual Query Builder or via Custom SQL.
    • Visual Query Builder
    • Custom SQL
  • The format of the filter should includer zing.user before the name of the filter. For example, to filter by email, the RLS filter should be {{zing.user.email}}.

The resulting chart for a query with RLS filtering will have different results based on the logged in user. By excluding certain data from the dataset based on the logged in user would reduce access of data by users who are unauthorized to view them.

1 - Lookup Tables for RLS

Row level security filters with any user attribute.

A lookup table allows you to use more user attributes for row level security filtering. For example, without a lookup table you can only use an email field for row level security. By defining a lookup table with user information, you will be able to use any attribute in the table as the RLS filter.

A lookup table can be defined for each of your datasources. The email field is a must have on your lookup table.

Let’s look at an example lookup table.

user_id name email role region
101 User1 user1@acme.com engineer east
102 User2 user2@acme.com sales west
103 User3 user3@acme.com desginer central
104 User4 user4@acme.com engineer east
105 User5 user5@acme.com engineer west

Specifying a lookup table for a datasource

  1. Visit the datasource page on the Zing console.
  2. Click on the Settings button on your datasource.
  3. Turn on the toggle for Row Level Security.
  4. Select the table you want to set as the lookup table for the datasource and the email field in that table.
  5. Now you can specify any filter on your charts/tables as mentioned here using the attributes in your lookup table. For example, if you want to apply the RLS filter on the user’s ID, the filter on the WHERE condition should be {{zing.user.user_id}}. Filtering by the region would be possible by specifying the filter as {{zing.user.region}}.