Deprecation Notice: access_filter_fields Replaced by access_filters (4.16+)

  • 30 June 2017
  • 4 replies

Userlevel 3

Looker has the ability to filter queries based on user specific values. For example, a user associated with the “Acme” company might have their order queries restricted to Acme orders. As of Looker 4.10, you should use the access_filter parameter to do this instead of the access_filter_fields parameter.

In 4.16 we added a legacy feature in preparation for phasing out the old parameter (for more details see the Legacy Features docs page). The legacy feature is called Allow the access_filter_fields parameter. By default, this feature is on, which means that you can still use the old parameter. If you want to limit developers to the new parameter, turn off this legacy feature.

The new parameter is a little bit easier to understand. It also takes advantage of Looker’s User Attributes system, which makes access filters more integrated with the rest of Looker.

Old access_filter_fields Parameter

You can read about the old access_filter_fields parameter, and how to use it, on our access_filter_fields docs page.

New access_filters Parameter

You can read about the new access_filters parameter, and how to use it, on our access_filter docs page.

4 replies

Sorry if this isn’t the right place for this, but I wanted to provide some feedback on this change.

We are planning on using the old “access_filter_fields” parameter indefinitely because the new “access_filters” parameter makes our user configuration more cumbersome.

We have all of our users assigned to one or more groups and each group has a single access filter value associated with it. Ideally we could switch to access_filters and users would be assigned a superset of the values associated with all groups they belong to. Unfortunately, as the feature is currently implemented a user only receives one value – even if they belong to two groups, each with their own value.

So in order to switch to the new parameter we would have to manage all access filter values at the individual user level instead of at the group level.

Userlevel 6

Thanks Dustin. This is really helpful.

Userlevel 3

@dengstrom Are you already managing these filter values at the user level? If I recall that’s the only way you can do access_filter_fields … unless I am forgetting some way that you can assign those types of filters to actual Looker groups.

If you are doing this at the user level, that configuration also exists with user attributes, and therefore access_filters. For example, I’ve given myself a user-specific value of “Europe” in this user attribute:

I’m assuming the filters you have for each user look something like “group-1-value, group-2-value”? If so, you could do the same with user attributes and I think that would let you switch to access_filters.

@Brett_Sauve: Yes, we’re managing access_filter_fields at the user level with filter values like “group-1-value, group-2-value” and we could re-work our projects to behave similarly with access_filters. But at this point we’ve gone through the effort of defining separate groups, creating separate spaces for each group, and controlling content access based on assigning a single user to multiple groups – it would be nice if we could use the same org structure to manage data access.