This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Best practice for restricting data

Posted on 09-03-2021 06:43 AM
allivant
New Member
Reply posted on --/--/---- --:-- AM

New to looker. I’m looking for the best  way to restrict data based on domain/tenants. Obviously someone in Tenant 1 shouldn’t see Tenant 2 data. Currently, we have 1 db and connection. In the model have an access_filter, based on a user attribute I created based on tenants, on an Explore. I thought I could use required_access_grants in a view but that doesn’t filter data right? 

I assume each tenant should have their own model.

Thanks for any help in advance!

1 2 208
Topic Labels
2 REPLIES 2

Posted on --/--/---- --:-- AM
cooperx
New Member
Reply posted on --/--/---- --:-- AM

I think you are after Access Filters rather than Access Grants with something like below.  https://docs.looker.com/reference/explore-params/access_filter
 

  access_filter: {
    field: tenant.id
    user_attribute: tenant_id
  }


Otherwise you can also use something like the following in your explore if for some reason the access filter doesn’t work for you which is just a manual version of the above really but allows for some more complex logic rather than pure matches if needed

 sql_always_where: ('{{_user_attributes["tenant_id"]}}' = ${tenant.id} ) ;;

Posted on --/--/---- --:-- AM
allivant
New Member
Reply posted on --/--/---- --:-- AM

thanks, that’s what I did with access_filter. I was wondering if there was a way to do it in the model that filters all explores.

0 Likes
Top Labels in this Space
Top Solution Authors
View all