Last Tested: Mar 12, 2020
Documentation for full reference about access_grant
Access grants allow developers to restrict access at the explore, join, view and field level. Access is tied to user attributes. Access grants DON'T restrict dev access in LookML - they DO restrict access in Explore field pickers and queries.
Access grants are built in the model file.
You can define the permission like this:
access_grant: privileged_departments {
user_attribute: department
allowed_values: ["hr", "finance"]
}
Allowed_values use OR logic - any of the values allow access.
Access grants are applied at the explore, join, view or field level. You can call the access grant with the required_access_grants parameter. Ex:
view: view_name {
required_access_grants: [privileged_departments]
Required_access_grants use AND logic - you must have allowed values for all grants to have access.
Type of Object | If you don’t have permission... |
Explore | Cannot see entire look/tile, nor menu nav item. Behaves the same as if you tried accessing a query in production based on an explore that only existed in dev mode. |
Field | The query runs without the field. A warning message appears saying, “‘view.field’ no longer exists on View, or you do not have access to it, and it will be ignored.” The warning is suppressed on dashboards. |
View or Join | Views and joins are treated as groups of fields, and behave the same as not having access to the whole group of fields within that view or join. |