Security - Data Filter using username

Comments

7 comments

  • Avatar
    Malinda Jepsen

    We have used Data Security to accomplish the same thing. We have a table that drives what a user can see and then we set up the data security on that field for that person during SSO.  If you aren't using SSO, you can do it manually through the interface.

    0
    Comment actions Permalink
  • Avatar
    Javier Irazazabal

    I really don't understand how you can do it using the interfce, Could you please put a simple example?

    Thanks in advance!

    0
    Comment actions Permalink
  • Avatar
    Malinda Jepsen

    What I meant by "manually through the interface" was assign the data security to a user.  

    For example, add a table to your cube named "Security". In the Security table, have a column for the username and group name.  Add a row for every user in your system with their username and group. In Data Security for the cube (or Elasticube set if you are using sets), add a Data Security field and select group from the Security table.  Set Everyone to see "Nothing".

    For each user, you then add a restriction that is username and pick their username from the list.  This is the portion that I said you can do in SSO. We are doing that with our API calls as we go.  

    Then create a relationship between the Security table and your fact tables on the Group field.

    Once this was implemented through our SSO, it works really well and takes no maintenance on our part.  We use it for our multi-tenant implementation.

    See https://documentation.sisense.com/security/ for more detail.

    I hope that helps!

    1
    Comment actions Permalink
  • Avatar
    Oxana Noa Umansky

    Thank you so much Malinda!

     

    0
    Comment actions Permalink
  • Avatar
    Javier Irazazabal

    But I still don't know how to manage this at runtime. I don't want to do in the web interface manually, because if I have 400 users, it's not operative. I need to manage it automatcally. Some other software manage session variables that stores username, group or others. So with it, you can manage the conceptp of user or group in data filters. How Sisense manage it?

    Thanks a lot

    0
    Comment actions Permalink
  • Avatar
    Malinda Jepsen (Edited )

    How are you provisioning your users?  We provision our users through SSO, so the code that creates the user decides what groups they are in and then issues the API calls to add them to the group, add their data security, etc.. You can try it out in a small cube. We also use those groups to define which dashboards they can see. You can set the data security for a group as well, so you only have to make sure they are in the right group. The data security will change the filters on the page to display only data they have been given access to. We have over 5000 users and have data security set up for each of them on a couple of fields in several cubes.

    Malinda

    0
    Comment actions Permalink
  • Avatar
    Javier Irazazabal

    Thanks a lot Melinda, could you share the code that do what you explain in your last post?

    Thanks a lot!

    0
    Comment actions Permalink

Please sign in to leave a comment.