User Attributes

Secure data access with user attributes for filtering based on individual permissions.

User attributes allow you to implement row-level security by filtering data based on user-specific values. This documentation explains how to set up and use user attributes for access control.

Creating User Attributes

Go to Admin → Attributes
Click to create a new attribute
Configure the attribute:
- Set a name
- Choose the type
- Optionally set a default value
- Optionally set a display name

Setting User Attribute Values

User attributes can be set on a per-user basis:

Go to the user's page
Locate the attributes section
Set the desired attribute value (e.g., setting city to "Los Angeles")

Implementing Row-Level Access Policy

To filter data based on user attributes, implement an access policy in your views:

views:
  - name: orders_view
    access_policy:
      - role: "*"  # Applies to all roles
        row_level:
          filters:
            - member: customers_city
              operator: equals
              values: ["{ securityContext.cubeCloud.userAttributes.city }"]

Security Context

The user attributes are available in the security context object:

{
  "securityContext": {
     "cubeCloud": {
        "userAttributes": {
           "email": "user@example.com",
           "customers_city": "Los Angeles"
        }
        "roles": {}
     }
  }
}

Effect on Queries

When the access policy is implemented, queries will automatically be filtered based on the user's attributes. This ensures users can only access data that matches their attribute values.

The path to access user attributes (securityContext.cubeCloud.userAttributes) will be simplified in future updates to allow direct access through user attributes.

Agent memories Roles & permissions