New to looker. I’m looking for the best way to restrict data based on domain/tenants. Obviously someone in Tenant 1 shouldn’t see Tenant 2 data. Currently, we have 1 db and connection. In the model have an access_filter, based on a user attribute I created based on tenants, on an Explore. I thought I could use required_access_grants in a view but that doesn’t filter data right?
I assume each tenant should have their own model.
Thanks for any help in advance!
I think you are after Access Filters rather than Access Grants with something like below. https://docs.looker.com/reference/explore-params/access_filter
access_filter: {
field: tenant.id
user_attribute: tenant_id
}
Otherwise you can also use something like the following in your explore if for some reason the access filter doesn’t work for you which is just a manual version of the above really but allows for some more complex logic rather than pure matches if needed
sql_always_where: ('{{_user_attributes["tenant_id"]}}' = ${tenant.id} ) ;;
thanks, that’s what I did with access_filter. I was wondering if there was a way to do it in the model that filters all explores.