Question

Best practice for restricting data

  • 3 September 2021
  • 2 replies
  • 49 views

New to looker. I’m looking for the best  way to restrict data based on domain/tenants. Obviously someone in Tenant 1 shouldn’t see Tenant 2 data. Currently, we have 1 db and connection. In the model have an access_filter, based on a user attribute I created based on tenants, on an Explore. I thought I could use required_access_grants in a view but that doesn’t filter data right? 

I assume each tenant should have their own model.

Thanks for any help in advance!


2 replies

I think you are after Access Filters rather than Access Grants with something like below.  https://docs.looker.com/reference/explore-params/access_filter
 

  access_filter: {
field: tenant.id
user_attribute: tenant_id
}


Otherwise you can also use something like the following in your explore if for some reason the access filter doesn’t work for you which is just a manual version of the above really but allows for some more complex logic rather than pure matches if needed

 sql_always_where: ('{{_user_attributes["tenant_id"]}}' = ${tenant.id} ) ;;

 

thanks, that’s what I did with access_filter. I was wondering if there was a way to do it in the model that filters all explores.

Reply