cancel
Showing results for 
Search instead for 
Did you mean: 

How to implement column level security?

KailaT
Community Manager
Community Manager

There are some business sensitive columns that only certain users should have access to.   For example, only show salary information to executives or users at a certain management level or above. For all other users trying to build insights using this column, mask the data. How do we implement this in Incorta?

3 REPLIES 3

awarrier
Employee
Employee

You can implement column level security in Incorta by using session variables and formulas. First, create the session variables to identify the groups that the logged in user belongs to. Next, create a formula with the sensitive column and the rule to apply for insight and dashboard consumption. Here is one sample formula for the use case referenced above.

IF($executive_managerial_group = 'Y', HR.Employees.Salary, '******')

AEliza
Rocketeer

Can you show us how to create the session variable $executive_managerial_group based on the Group in Incorta? Say, there is a Group (executive_managerial_group) with some users.

JoeM
Community Manager
Community Manager

HI @AEliza - 

If you're looking to query against Incorta, you can use the following set of cascading logic- 

JoeM_0-1652800759845.png

First, let's find out tenant ID.

$ivar_getTentantID

queryDistinct(
    sch_IncortaMetadata.Tenant.ID,
    sch_IncortaMetadata.Tenant.Name = 'Your tenant name'
)

The retrieve all groups from the tenant.

$ivar_get_groupid

querydistinct(
     sch_IncortaMetadata.Group.ID,
     sch_IncortaMetadata.Group.Name = 'executive_managerial_group',
     sch_IncortaMetadara.Group.TenantID = $ivar_getTentantID
)

Once I create a session variable that finds the group ids, I write another session variable to return users within the group:

$ivar_get_userid

query(
    sch_IncortaMetadata.group_user.userid,
    sch_IncortaMetadata.group_user.group_id = $ivar_get_groupid

then next

 $ivar_get_username

query(
   sch_IncortaMetadata.User.Loginname,
   inlist(sch_IncortaMetadata.UserID, $ivar_get_userid)
)