Zing Data | GenAI business intelligence that works anywhere Zing Data | GenAI business intelligence that works anywhere
Zing Data | GenAI business intelligence that works anywhere Zing Data | GenAI business intelligence that works anywhere

Centralized Row Level Security

Centralized Row Level Security in Zing lets you control what data each user can see based on that user’s attributes and conditions you specify.

It is applied to all the ways a user could query data within Zing – meaning whether they ask a question in natural language or do a SQL query with a “select * from mytable” the rows they see will be only those you have allowed for each user.

How it works

When a user is logged in to Zing (or is authenticated in embedded mode), they have an identifier. That identifier and other attributes of that identifier (as specified in a lookup table) are used dynamically at runtime to compare against the conditions you specify.

Zing already offered the ability to filter on user attributes in queries, and worked well for creating questions or dashboards and sharing them. But we heard from our customers that being able to enforce RLS in a way that was not editable as a filter, and could be applied even for more privileged roles (e.g. editors) was critical to ensuring data governance.

This new Centralized RLS works for all user roles (viewer, member, editor, admin), and *all query modes (natural language querying, visual querying, SQL IDE).

This allows you to ensure that users are able to interactively ask questions of data, at any level of detail, while ensuring they only see what they are supposed to.

Setup and Testing

  1. Create a data source then click ‘Settings’ and ‘Row Level Security’

  2. Turn on RLS and define a lookup table for user attributes. You’ll have one column indicating the user’s identifier (email), and other columns which will be used as dynamic lookups for that user’s attributes.

    Note: this is a live check so updating this table will update the user’s attributes and resulting rows shown on queries that rely on RLS.

  3. Click on a table or view from the list on the left, and then specify the condition which should evaluate to TRUE if a user is to be shown that row, and FALSE if they shouldn’t see that row based on the condition you specify. For instance:

4. Click ‘save’ and your RLS conditions are immediately applied.

5. Check that the RLS conditions you’ve set are working as you expect, andNOTE: Centralized Row Level Security conditions apply to all new and existing questions and dashboards.

Detailed documentation is here.

Get started with Zing for free! Sign In or create a New Account.

 

Related articles

Template Variables in Metric Expressions

Template Variables in Metric Expressions
Read more
Scaling Data Analytics with a Semantic Model

Scaling Data Analytics with a Semantic Model
Read more
Zing Modeling Layer

Zing Modeling Layer
Read more

Download Zing For Free

Available on iOS, Android, and the web

Download Download

Learn how Zing can help you and your organization collaborate with data

Schedule Demo