Row-level security

The data model serves as a facade of your data. With row-level security, you can define whether some data model facts are exposed to end users and can be queried via APIs & integrations.

Row-level security in Cube is similar to row-level security in SQL databases. Defining whether users have access to specific facts from cubes and views is similar to defining access to rows in database tables.

By default, all rows are public, meaning that no filtering is applied to data model facts when they are accessed by any user.

Managing row-level access

You can implement row-level access control by applying additional filters conditionally in the query_rewrite configuration option.
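A sketch of such a conditional filter, as an added example rather than code from the Cube documentation. It is written for the JavaScript configuration file, where the option is named queryRewrite. The member name orders.tenant_id, the security context fields tenant_id and roles, and the admin role are assumptions.

```javascript
// Added example: row-level filter for the query_rewrite option
// (queryRewrite in cube.js).
// Assumed names: member "orders.tenant_id", security context fields
// "tenant_id" and "roles", role "admin".
const TENANT_MEMBER = 'orders.tenant_id';

function queryRewrite(query, { securityContext }) {
  const ctx = securityContext || {};
  const roles = Array.isArray(ctx.roles) ? ctx.roles : [];

  // Conditional part: only the (assumed) "admin" role sees all rows.
  if (roles.includes('admin')) {
    return query;
  }

  // Fail closed: a context without a tenant is rejected, never served
  // an unfiltered query.
  if (ctx.tenant_id === undefined || ctx.tenant_id === null || ctx.tenant_id === '') {
    throw new Error('Access denied: security context has no tenant_id');
  }

  // Top-level filters are combined with AND, so appending this one narrows
  // whatever filters the caller sent; the caller's filters cannot widen it.
  const tenantFilter = {
    member: TENANT_MEMBER,
    operator: 'equals',
    values: [String(ctx.tenant_id)],
  };

  // Return a new object instead of mutating the incoming query.
  return { ...query, filters: [...(query.filters || []), tenantFilter] };
}

// In cube.js this function is exported as the queryRewrite option.
if (typeof module !== 'undefined') {
  module.exports = { queryRewrite };
}
```

The value in the filter comes from the security context, not from the request, so a caller cannot choose which tenant's rows are returned.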

Dynamic data models

You can implement row-level access control at the data model level dynamically by adjusting the sql parameter of cubes.

Best practices

Data access policies

You can use data access policies to manage both member-level and row-level security for different roles. With them, you can define access control rules in data model files instead of mixing them together in a single block of code in query_rewrite.

It is recommended to use data access policies by default. You can also combine them with your own code in query_rewrite for specific cases.