Best practice for restricting data

  • 3 September 2021
  • 2 replies

New to looker. I’m looking for the best  way to restrict data based on domain/tenants. Obviously someone in Tenant 1 shouldn’t see Tenant 2 data. Currently, we have 1 db and connection. In the model have an access_filter, based on a user attribute I created based on tenants, on an Explore. I thought I could use required_access_grants in a view but that doesn’t filter data right? 

I assume each tenant should have their own model.

Thanks for any help in advance!

2 replies

I think you are after Access Filters rather than Access Grants with something like below.

  access_filter: {
user_attribute: tenant_id

Otherwise you can also use something like the following in your explore if for some reason the access filter doesn’t work for you which is just a manual version of the above really but allows for some more complex logic rather than pure matches if needed

 sql_always_where: ('{{_user_attributes["tenant_id"]}}' = ${} ) ;;


thanks, that’s what I did with access_filter. I was wondering if there was a way to do it in the model that filters all explores.