https://community.incorta.com/t5/administrative-discussions/how-to-implement-column-level-security/m-p/1572#M19 <P>Can you show us how to create the session variable&nbsp;<SPAN>$executive_managerial_group based on the Group in Incorta? Say, there is a Group (executive_managerial_group) with some users.</SPAN></P> Tue, 17 May 2022 14:46:47 GMT AEliza 2022-05-17T14:46:47Z https://community.incorta.com/t5/administrative-discussions/how-to-implement-column-level-security/m-p/493#M8 <P><SPAN>There are some business sensitive columns that only certain users should have access to. &nbsp;&nbsp;For example, only show salary information to executives or&nbsp;users&nbsp;at a&nbsp;certain management level or above. For all other users trying to build insights using this column, mask the data. How do we implement this in Incorta?</SPAN></P> Wed, 16 Mar 2022 15:39:44 GMT https://community.incorta.com/t5/administrative-discussions/how-to-implement-column-level-security/m-p/493#M8 KailaT 2022-03-16T15:39:44Z https://community.incorta.com/t5/administrative-discussions/how-to-implement-column-level-security/m-p/494#M9 <P>You can implement column level security in Incorta by using session variables and formulas. First, create the session variables to identify the groups that the logged in user belongs to. Next, create a formula with the sensitive column and the rule to apply for insight and dashboard consumption. Here is one sample formula for the use case referenced above.</P><P>IF($executive_managerial_group = 'Y', HR.Employees.Salary, '******')</P> Wed, 16 Mar 2022 15:41:55 GMT https://community.incorta.com/t5/administrative-discussions/how-to-implement-column-level-security/m-p/494#M9 awarrier 2022-03-16T15:41:55Z https://community.incorta.com/t5/administrative-discussions/how-to-implement-column-level-security/m-p/1572#M19 <P>Can you show us how to create the session variable&nbsp;<SPAN>$executive_managerial_group based on the Group in Incorta? Say, there is a Group (executive_managerial_group) with some users.</SPAN></P> Tue, 17 May 2022 14:46:47 GMT https://community.incorta.com/t5/administrative-discussions/how-to-implement-column-level-security/m-p/1572#M19 AEliza 2022-05-17T14:46:47Z https://community.incorta.com/t5/administrative-discussions/how-to-implement-column-level-security/m-p/1574#M20 <P>HI&nbsp;<a href="https://community.incorta.com/t5/user/viewprofilepage/user-id/350">@AEliza</a>&nbsp;-&nbsp;</P> <P>If you're looking to query against Incorta, you can use the following set of cascading logic-&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JoeM_0-1652800759845.png" style="width: 400px;"><img src="https://community.incorta.com/t5/image/serverpage/image-id/941iB4AC273B53C7353E/image-size/medium?v=v2&amp;px=400" role="button" title="JoeM_0-1652800759845.png" alt="JoeM_0-1652800759845.png" /></span></P> <P>First, let's find out tenant ID.</P> <P>$ivar_getTentantID</P> <LI-CODE lang="markup">queryDistinct( sch_IncortaMetadata.Tenant.ID, sch_IncortaMetadata.Tenant.Name = 'Your tenant name' )</LI-CODE> <P>The retrieve all groups from the tenant.</P> <P>$ivar_get_groupid</P> <LI-CODE lang="markup">querydistinct( sch_IncortaMetadata.Group.ID, sch_IncortaMetadata.Group.Name = 'executive_managerial_group', sch_IncortaMetadara.Group.TenantID = $ivar_getTentantID )</LI-CODE> <P>Once I create a session variable that finds the group ids, I write another session variable to return users within the group:</P> <P>$ivar_get_userid</P> <LI-CODE lang="markup">query( sch_IncortaMetadata.group_user.userid, sch_IncortaMetadata.group_user.group_id = $ivar_get_groupid</LI-CODE> <P>then next</P> <P>&nbsp;$ivar_get_username</P> <LI-CODE lang="markup">query( sch_IncortaMetadata.User.Loginname, inlist(sch_IncortaMetadata.UserID, $ivar_get_userid) )</LI-CODE> <P>&nbsp;</P> Tue, 17 May 2022 15:19:42 GMT https://community.incorta.com/t5/administrative-discussions/how-to-implement-column-level-security/m-p/1574#M20 JoeM 2022-05-17T15:19:42Z https://community.incorta.com/t5/administrative-discussions/how-to-implement-column-level-security/m-p/4696#M191 <P>Hi taking this a step further could you mask the column except for certain groups by data in the row? What i am looking for is to mask the employee column when a year is greater than 2018 (for example)</P> Sun, 16 Jul 2023 20:08:42 GMT https://community.incorta.com/t5/administrative-discussions/how-to-implement-column-level-security/m-p/4696#M191 Adetweiler 2023-07-16T20:08:42Z