Worked Example: Group Value Security Filter

Follow

This scenario will focus on a national research company that wishes to filter the data based on management access. The research company has multiple branches across many regions with the following management structure:

  • The CEO is able to see the whole business.
  • Regional managers are be able to see their allocated regions only.
  • Branch managers are limited to their own branch only.

The company wants to analyse data by region and branch.


The best way to achieve the desired result would be to assign a group based filter and assign users to the appropriate groups. This way a user will only ever see the information they have permission to view.
 
As with all security filters we begin by adding a security filter to the dataset. In this case we are going for the lowest common denominator the branch which is represented by the state column in the dataset, which we will link to the group name.



When modelling the group structure to the data structure using the group name as the security filter make sure the group name matches the data exactly. We use the state and not the region for a security identifier since at the most granular level we wish to restrict access by state.



This way we can determine what data is returned to the user by selecting which branches they have permission to view. Selecting as many of as few as the users management level allows.


 
In the above example, the filter applied to the PacificManager user would be as follows:
State = Group Name = ('Arizona' OR 'California' OR 'Nevada').
 
It is not necessary to apply security filters to the CEO user as by default they are expected to see the unfiltered results for the entire company.

Once complete every component and dashboard created from this dataset will now be filtered by the groups the user has been given access to, ensuring that each user only has access to their allocated information. Which means only a single master dashboard would need to be created and shared with all of the users with no risk of a user being able to see restricted data.
Have more questions? Submit a request

Comments

Powered by Zendesk