Row-level Permission (RLP)

Record-level Access Control.

Row-level permission (RLP) is one of the three types of permission control that Holistics supports.

With RLP, you can control which record the user can retrieve from the database. In Holistics, it means the user will only be able to explore certain fields' values in the dataset (that you assigned to them) and view such values on the dashboards.

For example, your company has physical stores located in the US, Singapore, and Japan. For each country, you have one regional manager, and you have a business director who oversees all the regional managers.

With RLP, you can allow the business director to see the sales performance of all stores in 3 countries, while limit the US regional manager to see data of the US only.

How RLP works in Holistics

General concept

There are two steps to enable RLP:

• Create new metadata for each user where we define how much data a user can get access to. This is called User Attributes in Holistics.
• Add the User Attributes to the dataset permission settings so every time a query is run, it will invoke that attribute based on the user log-in information and return the data that the user is restricted to.

Link Lucid Chart: here

Step 1: Setup User Attributes

Basically, your tenant's admins will need to define user attributes globally and set values for each user or user group so that when logging in Holistics, each of them can be used as a dataset permission setting's condition to restrict the data returned when exploring dataset or viewing reports.

For example, you want your Vietnamese users to see data in Vietnam only, you will define user attribute called country_access and set value 'Vietnam' to user group Vietnam. This will be elaborated more below.

• Open User Manager to manager user attributes