Service Client and Row Level Security¶
Topics on this page:
The service client feature of Comotion Dash allows you to provide selective access to certain data within a table. This is useful when building dashboards for multiple customers (known in the dash world as service clients) while ensuring that they cannot see each other's data.
To achieve this:
- Each user is tagged with a service client id. This is usually some unique short representation of the customer - such as
initech- or a number.
- Each insights table must have
service_client_idas its first partition.
Setting up in this way will mean that users tagged with a certain service client will only be granted access to the part of the insights table with their data in it.
Special Service Clients¶
Note the following special service clients
|901||Public||Lines in insights tables tagged with this service client are accessible to all users|
|0||Internal||Users that are tagged with this service client have access to all service client information. This is generally for internal analysts and admins who work with the data, and internal consumers who need to view dashboards based on data from multiple customers.|
Grant Access to a Service Client¶
To grant access to a service client you have to complete the following steps:
When creating your Insights Table, define your last partition as service client and ensure each line is populated with the correct service client.
When preparing the insights table for visualisation, add custom SQL to the table definition to ensure that only data from the right service client is returned. The function
service_client_clauseis available for this purpose:
Missing this step causes an error
Adding the service_client where clause ensures that your graphs only select from the correct service client. Missing this step will result in a permissions error when a service client user tries to view a dashboard with data from other service clients.
When requesting User Access from your Comotion Dash representative, specify the "service_client_id" of that user.