Intro to Session Variables: Row-Level and Column-Level Security
December Action on Insights
Making sure that your dashboards are properly protected can be incredibly valuable to organizations, teams and individuals. In this session, we talk about how to leverage session variables to give each logged in user different data views.
Watch to learn:
-
What are row and column level security?
-
Understand session variable use
-
How to set up and adjust security
Transcript:
Tristan Barrientos: Welcome to december's action on insights This is our monthly webinar series where we share best practices and tips and tricks to help our customers unlock the potential of the quarter direct data platform.
Tristan Barrientos: Today we're going to go over an intro to session variables row level and column level security.
Tristan Barrientos: My name is Tristan very Santos and i'm the director of project management at in quarter i'll be your host for today.
Tristan Barrientos: And a little housekeeping before we begin, if you have any questions during the presentation, please type them into the Q amp a or chat box at any time, we will do our best to address them at the end during the Q amp a.
Tristan Barrientos: Now i'd like to introduce our speaker today.
Tristan Barrientos: Joe Miller is the senior director of Community and customer enablement adding quota you spent the last 10 years educating and upscaling workers in the data verse.
Tristan Barrientos: Without further ado i'll hand it over to Joe to kick us off.
Joe Miller: Thanks justin.
Joe Miller: Hello everyone good morning Good afternoon, good evening wherever you may be appreciate you joining this session today.
Joe Miller: And I also appreciate For those of you who are subscribed to this session last week for being adaptable as we've moved the session around a little bit to accommodate for some schedules, but.
Joe Miller: What a better way to lead into the holiday season, then, to talk about some row level security so let's talk about what we're going to cover today.
Joe Miller: First we're going to cover some concepts, what is it, why would I want to use it and then we're going to jump into an actual demonstration of how to implement it.
Joe Miller: Now there are a couple of different ways that you could facilitate row level security and column level security, this will simply be an example that we can.
Joe Miller: You might be able to take home and leverage, but we want to give you that hands on view of how to implement that into the system.
Joe Miller: will have a lot to cover today so i'll try to do my best to explain things as I can.
Joe Miller: As i'm typing things into the encoded interface, but as Kristen mentioned if there's any questions or, if I may have breezed over something.
Joe Miller: Please go ahead and enter it into chat dressed in john are both here to help answer questions as i'm going through this so.
Joe Miller: For those of you who are just new completely to the idea of row level security, what is it in a nutshell.
Joe Miller: it's simply put a security mechanism that restricts the viewable rows of data based on the authorization context of the current user that's logged in.
Joe Miller: All that to say is if i'm a user that's logged in as the west region manager within a sales organization.
Joe Miller: row level security would make sure that I only see data that applies to my organization right in this case, they might not want me to see how the sales are going in the west region or North region that might be a function of security.
Joe Miller: The other thing is it actually might be a function of convenience.
Joe Miller: I might not actually care what might be happening within those regions and it might present a lot more data which could overwhelm me.
Joe Miller: So I think of this row level security is a way that you can pre filter views.
Joe Miller: to really make it a little bit more convenient for your end users to consume that interface now The other thing that's really nice about implementing row level security.
Joe Miller: Is reduce dashboard below right, I think there are a number of people who may be on this call today who have been out there, building dashboards and creating.
Joe Miller: variance or degrees of dashboards to accommodate different user groups, but the base concept of that dashboard may be the same right.
Joe Miller: They just want to make sure there's a dashboard a for managers and they can only see a certain set of data.
Joe Miller: A dashboard be for just employees same same kind of layout same kind of graphs but just different data, making sure that no one sees the wrong data.
Joe Miller: The challenge with this is now i've got two dashboards to keep up on make sure that the right people are viewing those within the right security groups, if someone makes.
Joe Miller: A comment that you need to update those dashboards you'll need to go back and Edit to dashboards now.
Joe Miller: So I think of this as a great way to not only improve the security of what data is having access but it's going to really come back to you.
Joe Miller: The developer of these dashboards to put this in place and just to walk through it sure you've been looking at this graphic here but explain visually.
Joe Miller: You can see that each of these account executives with this one count table of region have access to their own respective row.
Joe Miller: And that's all we're going to be doing today is setting up a set of rules to make sure that people have access to the right rows of data and that's all column level security is or sorry row level security.
Joe Miller: COM level security is effectively the same idea but transposed, we might think of an example of like HR data.
Joe Miller: We know people that should see employee's salary data and those that should not first of all, I beg the question is, if we should even show a table at all.
Joe Miller: To employees, but maybe there is a table that has usernames and emails that they can use as an employee directory, and there is an extra field in there that has salary that should be masked.
Joe Miller: Using calm level security, you can create logic saying if someone's logged in under a certain context obfuscate the data, and this is simply a conditional statement and we'll show an example of that.
Joe Miller: So that's another option or tool that you have in your pocket to make sure that no one's getting their hands or other eyes on the wrong data.
Joe Miller: Now, before I jump into kind of what that blueprint is, it is good to understand kind of the fundamentals of security within a quarter.
Joe Miller: quarter is group based security, you can apply a certain set of permissions directly to a user.
Joe Miller: A user will first need to be added to a group and a group will need to be given permissions and that's a specific call out, because that will inform how we actually build our blueprint today.
Joe Miller: So enter session variables, there are two types of session variables that you can create with an encoder an internal session variable or an external session variable.
Joe Miller: And these session variables are evaluated kind of different times within the experience, so let me focus on an internal session variable first.
Joe Miller: Simply put, an internal session variable as a variable that's.
Joe Miller: Internal to year and quarter session, it has data that has been loaded into a schema and you can write a session variable to refer to the data that's been loaded into in quarter.
Joe Miller: Today in our example we're actually going to be looking at data that's been loaded into in quarter, as the incorporate Meta database and it's hosted my sequel but will actually be running an internal session variable to go look at the data that's in there.
Joe Miller: and bring that back as a result, to filter our row sense The other option is an external.
Joe Miller: session variable and for those that actually instead of referring to something that's within the system and external session variable actually referred to something outside of the system.
Joe Miller: So at the point of running that session variable you're actually creating a query that's going to reach back directly to your database and pull the results or set of values back into encarta.
Joe Miller: Why use one over the other well, I would say, external session variables it really depends on how quickly your data is going to be updated right on if we lean back into that HR example again let's say I have an HR application that updates every.
Joe Miller: Every four hours right and it's important that nowhere in that four hours there's like a lapse in security for my organization.
Joe Miller: If my schemas are refreshing every day, we know that the actual hierarchy of the organization's changing quicker than our data itself right and so instead of relying on the data that we've imported into in quarter.
Joe Miller: We might actually want to go back into that system and grab the information around users in the hierarchy that exists within our HR application, instead of the one that we may have replicated into a quarter.
Joe Miller: You also could consider just interfacing with the record administrator to up the cadence of those loads for the.
Joe Miller: HR application into your quarter and then you could use his internal session variable So those are some considerations today.
Joe Miller: we're going to be leaning into the types of users, that exist on the quarter platform more specifically.
Joe Miller: If someone's a student or if someone's administrator and changing their views, based on what they see now.
Joe Miller: To complete this this is kind of the cascading logic that I see taking place within internal session variables and again, you could probably write these a few different ways, but this is the way that i've seen it done.
Joe Miller: We actually go in during the time that the user logs in all these internal session variables will be evaluated at the time of the login.
Joe Miller: OK, so the first internal session variable that we would write up is something to get our tenant ID.
Joe Miller: On in this particular case, I know I have a tenant name found funded foundations, all I need is to get the idea of what that tenant is, in this case I get return the tenant idea of 3345.
Joe Miller: And then I cascade to the next level of that tenant 3345 is there a group name, students and, if so, what's the idea of that student group okay if it returns, it will return the value of 26 and then I go back to the next tier and say hey of that group number 26.
Joe Miller: or my student ids and then I go one level level deeper deeper saying I have my student ids, can I just get their usernames now.
Joe Miller: At the end of this i'll just have a set of usernames stored and internal session variable but one of the things that's actually built as a variable within the encoder platform as well, is just user dollar sign user.
Joe Miller: That is a variable that you have at your disposal at any time on it effectively just reflects what what naming login your name does, and you can use that to effectively pre filter on the data that you've retrieved here.
Joe Miller: i'm sure this is a lot throwing at you i'm throwing at you quickly, but I think they'll make a lot more sense once I jump into a quarter and start to showcase this a little bit.
Joe Miller: So let's go ahead and get into it on i'll do a little bit of formula writing early on, but for the sake of time i'll start kind of copying and pasting in some snippets so you can and explaining what they're doing so you can kind of see what's going on.
Joe Miller: Okay let's jump over into our content here.
Joe Miller: And we should be off and running me make sure i'm sharing the correct screen.
Joe Miller: want to make sure that wasn't just sharing an application okay perfect so here, I am in a rather blank instance of encarta on you'll see if I go up here i'm logged in as my admin.
Joe Miller: i've been given quite a few permissions and the first thing that i'm actually going to show you is making sure that we have groups that up right i'm going to go over to security.
Joe Miller: Groups in this case i'm looking for a group name students Okay, I have a group in place i'm going to use this group to effectively retrieve.
Joe Miller: A set of values to filter upon my dashboards so that is something you want to make sure that you have in place for the sake of this exercise.
Joe Miller: Perfect so what i'm gonna do first is i'm going to create a really simplistic dashboard.
Joe Miller: it's going to be a not very compelling but it's going to be enough to really display the behavior that's happening underneath the hood here some go ahead and add dashboard and i'll just call this my DEMO dashboard.
Joe Miller: add an insight.
Joe Miller: quickly add table here.
Joe Miller: and
Joe Miller: we'll go ahead and add.
Joe Miller: Category into my grouping dimension and cost.
Joe Miller: it's my measure.
Joe Miller: Okay i'll refresh that very quickly, and you can see, I have a large data set non aggregated data set of.
Joe Miller: What might be happening within that particular table i'm gonna flip it over to aggregated really quick, so you can see that, despite that view there was more than just electronics.
Joe Miller: Within this data set there's hardware peripherals photo software and other but for the sake of this exercise i'm going to flip it back over into this listing insight and verse give it a name.
Joe Miller: DEMO insight.
Joe Miller: Perfect now, the first thing that I want to showcase is i'm a dragon a formula and show you that user variable that I can have in place on the search variables drop in user.
Joe Miller: And reload my table, and all this formula does is actually looks at the session and returns, the name of the login easy as that now, when you think about this.
Joe Miller: It may be very simplistic, but it actually provides a pretty powerful value when we go and retrieve the list of.
Joe Miller: Potential student names it'll give me the list, and I will say, who I am and we'll make sure that we match, and if we match, then I get that set of rules applied to me.
Joe Miller: Okay, so that's important to know i'll leave that up there just to kind of showcase that we're seeing exactly what we need to see.
Joe Miller: Okay um so let's go ahead and start building out some internal session variables to start creating some sort of logic to make sure that we're filtering down.
Joe Miller: for students in this particular use case I want to make sure that only students see electronics so let's go ahead and save this.
Joe Miller: And i'm going to jump over to my schema tab here within schema tab i'll have session variables and global variables.
Joe Miller: I have done a little bit of legwork to give us a little bit of a head start here So the first thing that I want to show you is that i've created this variable on create called tenant name and it's really just a string value.
Joe Miller: So we have G Var tenant name and it's set to foundations that's the tenant that i'm currently logged into today and that's going to give context to kind of the cascading logic that's going to go in place here.
Joe Miller: So the next thing that i'm going to go to is my internal or my session variables you'll see that there are tags to denote what's internal.
Joe Miller: versus what is external I did omit to mention that some of the internal expressions or sorry internal session variables are things like current day current month things that could be kind of calculated on fly.
Joe Miller: But i'm going to create find one that was actually created previously that i'm going to leverage and that's called get tenant ID.
Joe Miller: This was something that was kind of at first box within our graph, and this is effectively writing a query against our quarter metadata database and you can see it here.
Joe Miller: Saying for the G Var tenant name which I just showed you as a global variable equal the foundations for the tenant name equal the foundations, give me the tenant ID.
Joe Miller: Now the nice thing is about about these internal session variables, as you can test them on the fly.
Joe Miller: So I can click test and you'll see that, when it actually evaluates the session variable i'll get the value of 11 so that's effectively the ID of my tenant ID.
Joe Miller: Now next up the thing that I want to do is actually get the group ID from that foundations tenant right so i'm going to go ahead and create a new.
Joe Miller: Internal variable.
Joe Miller: i'm gonna give it a name in this case on, I would just name it I Var get group idea of students i've our internal session variable it's kind of Nice just to give a little prefix to make sure that you know exactly what you're working with and then i'm going to write a query here.
Joe Miller: So um enter query.
Joe Miller: i'll do a query distinct okay.
Joe Miller: perfect.
Joe Miller: Now for this query the first thing that i'm going to want is my group ID that's what i'm seeking by reading this particular query song right.
Joe Miller: i'm going to look for my encoded metadata here schema.
Joe Miller: Sure, I got that mapped in here.
Joe Miller: schema encoded metadata group.
Joe Miller: and looking for ID.
Joe Miller: Okay that's, the first thing they want to retrieve.
Joe Miller: filter conditions now, I want to find that where the group name is equal to students so i'm going to go schema and quarter metadata where the group.
Joe Miller: name.
Joe Miller: is equal to, in this case.
Joe Miller: group students copy this one over.
Joe Miller: And this is one of the few that i'll actually write out just so you can see the process.
Joe Miller: And the last condition that I want to filter on years.
Joe Miller: For this human metadata I want the group, where the tenant ID is equal to, and then you remember, we return the value last time, but we have these cascading.
Joe Miller: Internal session variables so i'm just going to return to refer to the old session variable that I had just created so if I come over here i'm going to go look for that tenant ID session variable here and say hey whatever that returned said it equal to that.
Joe Miller: let's go ahead and test that, and you can see, it now i've been able to look for my group of students and find that their ideas idea for design.
Joe Miller: So we'll go ahead and add that.
Joe Miller: So quick review of where we sit went to the tenant found the tenant got an ID back with that idea we went and asked hey is there a group name students inside of that and with so what's the idea of that give the group ID back.
Joe Miller: Now we just have two more to make in this particular case i'll i'll copy and paste these in and explain them very briefly.
Joe Miller: So the next one that i'm going to do is now that we have our group ID is actually getting the user ids of everyone within that group so i'm gonna go ahead and create an internal session variable named I Var get user ids.
Joe Miller: and paste in this query here.
Joe Miller: And in this particular one i'm looking for user ids where the group ID is equal to what we just created and that's going to be the value of 45 in this particular case.
Joe Miller: we'll test that and we can see that we get multiple users within this group and that's important because, in the next one will make sure that we're not sending it equal.
Joe Miller: To a certain user ID we're going to say it's in a list of user ids so we're going to select okay we've got our user ids We just need to go one more step and get the names, the login names of those users.
Joe Miller: Go new session variable internal.
Joe Miller: get our if our student names.
Joe Miller: drop him a new query here, and in this particular query or you can see that we're asking for login name as long as they are in the list of students, that we returned from our previous session variable which was for ids at that time.
Joe Miller: will select done and test it once more, and now you can see that i've gotten three students for students back students zero student one student to student three.
Joe Miller: Okay, so now we have a logic of an internal session variable that's returning a set of values.
Joe Miller: Okay now that's just the beginning now we need to figure out how to apply this to our dashboard and filter the data on that, and this is where the fun part comes in, so let's go ahead.
Joe Miller: and add this and i'm going to do it two levels, just to demonstrate some of the capability so i'm going to come over here to content back into our DEMO.
Joe Miller: And i'm first going to apply this at a level that's not quite at a schema level of will actually do that as kind of a step two i'll go to manage filter and prompts and select an applied filter.
Joe Miller: and applied filter will actually behave very similar to applying it back at the schema layer it just won't be quite as reusable.
Joe Miller: So I just wanted to showcase that here first just for the sake of showing the can be done in multiple places so let's create a new formula.
Joe Miller: and drag that into our applied filter.
Joe Miller: And for those of you who are not aware and applied filter will effectively globally filter out all elements of your dashboard based on a certain set of logic, so if I wrote a formula like display only categories of electronics that's all anyone would ever see.
Joe Miller: OK, now the one that i'm going to write in here and i'm just going to copy and paste this for the sake of time.
Joe Miller: Is.
Joe Miller: This oh missing one piece of logic here.
Joe Miller: Here we go.
Joe Miller: I want a filter that's applied that shows only electronics when there's also a user.
Joe Miller: That as a student right, and this is our student names list so we had s zero s one s to s3 remember how that user variable showed me because i'm logged in as if we match so as my login name and it's in the list, then only show me electronics that's all this is saying.
Joe Miller: I must select validate and say here i'm missing a bracket here, we have one more.
Joe Miller: And i'll say done.
Joe Miller: Now.
Joe Miller: The great news is this doesn't seem to work, but it does can anyone.
Joe Miller: identify the reason why this is working, if you got an idea go ahead and put in chat.
Joe Miller: We have a correct answer in the chat that's right you'll notice that I myself am an admin and I wrote that rule to make sure that only students could see electronic so.
Joe Miller: In this particular case, I might want to consider refactoring my formula as an admin to say hey if you're a student, you can see, electronics, but if i'm an admin just let me see everything okay.
Joe Miller: So let me go back into my vantage filter and prompts settings here go into my formula, and let me just refactor this once more, and I might add, an additional element of logic in here.
Joe Miller: Okay.
Joe Miller: So we still have the same logic in here if the categories electronics and a user's a student then only show electronics or this kind of a superset if i'm in the admin group show me everything.
Joe Miller: Okay well validate and save.
Joe Miller: Say done.
Joe Miller: And now you can see that I see everything now, the one thing that's Nice is actually going and validating that this is behaving is exactly exactly as I would expect.
Joe Miller: So I assume around and see that as an admin I can see software other other different types of categories i'm going to quickly log out.
Joe Miller: And sign in as my students Okay, the first thing that I need to make sure that I do, though, is that it actually share this dashboard with students so i'm going to share access with group students.
Joe Miller: And set it to view now here's an important consideration when you're building real level security.
Joe Miller: I have used this as an applied filter within the dashboard if I gave group students access to edit the dashboard.
Joe Miller: They could actually go in to that applied filter and remove it.
Joe Miller: So really pay attention to kind of the peripherals of the security that you're putting on these groups to make sure that there's not a way that they can kind of circumnavigate the rules that you put in place so i'm gonna leave it as share.
Joe Miller: and select close.
Joe Miller: Okay, so they should have access, let me sign out here and sign in as a student.
Joe Miller: Okay, you can see, I have this DEMO and now I see only electronics let's pagination to the last page all I see is electronics.
Joe Miller: So that's in a nutshell now i'm going to go back into my admin dashboard and.
Joe Miller: we'll sign out here, and just show you how to put this back into the the runtime security filter.
Joe Miller: And then.
Joe Miller: Okay.
Joe Miller: we'll come back here.
Joe Miller: Well, sorry and it's filtering prompts i'm gonna go ahead and save this logic over here.
Joe Miller: Because I do want the same logic.
Joe Miller: But remove this.
Joe Miller: The logic has been removed and go back to my schema so in this particular listing table that I had built I was looking at product categories.
Joe Miller: i'm going to jump over to my products table and you'll see down here, there is a runtime security section now what I did in the previous.
Joe Miller: example, there is, I did it as an applied filter so the row level security only applied.
Joe Miller: To the dashboard itself and the issue is is that other people who may be accessing this products table directly.
Joe Miller: will not be having the same level, security, maybe that's something you want and it's only specific to a dashboard, in which case you would do it in the pipe filter setting.
Joe Miller: But if you want everyone to have this row level security, you would actually back into the schema environment and make sure that you're applying it directly to the tables so.
Joe Miller: we're going to go ahead and add a security filter there are two types of filters on the first of which is a regular, which I think is a more simplistic way to build a runtime security.
Joe Miller: You just effectively choose a column, and the value and you can choose and select one of those values but i've got a lot more rules.
Joe Miller: beyond just making sure that someone's in a specific group, I want to make sure that they see electronics as an example and that's going to call for something a little bit more complex so i'm going to jump over into the formula.
Joe Miller: All I need to do is apply that same formula here.
Joe Miller: and call it done and now i've applied that runtime filter so anyone who's building a dashboard or constructing a dashboard off of this will be subject to rule level security so if a.
Joe Miller: Student one has the ability to create a dashboard they could come in and and dragon product categories they're only going to see electronics as an example.
Joe Miller: So that is a quick look at row level security now i'm going to flip it very quickly for the the element for the sake of time to make sure that we have the opportunity to talk about.
Joe Miller: column level security and quite simply put this is the technique that we use inside of in court is called column masking and that's writing a formula that's a conditional statement saying hey if i'm a student.
Joe Miller: Show me this if i'm not a student show me that right so i'm going to go back over into my content page here.
Joe Miller: back into my DEMO insight and Edit this once more.
Joe Miller: i'm going to keep my cost here.
Joe Miller: My costs field over here.
Joe Miller: But let's just create a rule and just say students, they could see the categories, but they shouldn't see how much each of these.
Joe Miller: Particular products cost right if you're logged in the student don't show me the cost completely mess that value what you can do is come over into a formula here.
Joe Miller: and write some sort of on if conditional statement so i'll start with if.
Joe Miller: And i'll say if.
Joe Miller: someone's in the student list.
Joe Miller: And list let's see here.
Joe Miller: Where user.
Joe Miller: This isn't a list of.
Joe Miller: let's see get user names.
Joe Miller: So this is the condition if they are a student here.
Joe Miller: Then.
Joe Miller: mask it with what other value you want.
Joe Miller: else.
Joe Miller: What do you want to display.
Joe Miller: In this case, i'll continue to do sales of goods let go the cost.
Joe Miller: Here OK now, the one thing I don't have a really compelling example here but you've probably finagle your way around it is, I am creating effectively a string here, and this isn't a numeric value.
Joe Miller: So i'm just going to do a quick convert over the string for this value since the conditional will need to evaluate the same data type whichever path it goes.
Joe Miller: And that should be good let's see if I got that right perfect.
Joe Miller: So you can see my new formula here i'm as an admin right now i'm not a student, so I do see exactly what those values are i'm going to flip over to my student view and what I should see is.
Joe Miller: This cost that's not doesn't have any sort of common masking on it, I should see those values, but for this one I should hopefully see that it's maxed out so let's go ahead and save that.
Joe Miller: jump out of here.
Joe Miller: sign in form.
Joe Miller: boom.
Joe Miller: So, now that data has been masked based on the rule that this person is a student.
Joe Miller: So I know this is a very quick session and we covered a lot throughout that session.
Joe Miller: One thing that is worth mentioning is the session is being recorded So if you just said hey wait a minute I missed that I want to watch the playback.
Joe Miller: will be sending this out at a later time and it will also be posted to our Community, if you want to watch a playback of how this goes, I also want to make a mention that there is really good documentation on this at Dr mccord calm.
Joe Miller: Even before the session I was passing over a few questions that I had, and most of them are answered within docs and CT calm.
Joe Miller: And then there was also a few good examples that existed out on our community of people putting that in place today, so those are some specific shout outs that I wanted to give to some resources that you have let's jump back here, I need to get back to my.
Joe Miller: Stop share real quick i'm going to get to my slides.
Joe Miller: Close the session.
Joe Miller: Perfect so um quick plug and then we'll we'll open up for some Q amp a if there's any questions.
Joe Miller: Please make sure you check out our community on if you have more complex questions around how to configure this with your particular security setup or with your setup databases.
Joe Miller: asking it to the greater Community is a great way to kind of get traction and get started with that that's where really context meets.
Joe Miller: concept, and we want to make sure that people know that it's a resource at their disposal, on top of that, we post knowledge base there on best practices and learning events like this.
Joe Miller: In the upcoming future one of the ones that will be running in late January is a session on introduction to data science so stay tuned for that, but i'll pause there and open it up for questions.
Tristan Barrientos: and go, we have a couple of questions i'll start with one that was actually already answered.
Tristan Barrientos: question was session variables are strings tenant tenant ID is long, how is the data type translated and then notes that dates must use the date function to work.
Tristan Barrientos: So I think you I think you've covered this as part of your your as your content but john also provided a link here anyway go ahead, Joe if you want to comment.
Joe Miller: No, I that sounds correct me and I do see a question as well as can the session variable be used as an individual filter.
Joe Miller: Yes, it can, I think i've tried that myself and i've had some success with it as well.
Joe Miller: One of the things that I did interestingly enough to.
Joe Miller: Let me jump back here, and this is a much more simplified version to kind of showcase the the power of encarta.
Joe Miller: With that, just a user string right is I actually had an example of grade cards right, I wanted to create one report where there's.
Joe Miller: A different set of grades for a different set of students right and as each student logs and I want them to see only their grades.
Joe Miller: The data set that I was using had their login name as a part of that set, and all I would say at a global level of saying.
Joe Miller: hey if their login name is equal to the user variable then just show that data, again I did, that the global level, but there's no reason why I couldn't have applied this edit individual sorry an individual insight level.
Tristan Barrientos: we've got another question here.
Tristan Barrientos: Is it can we mask with the zero character link to effectively hi the column all together.
Joe Miller: that's a great question and I don't have a great answer for that one now but let's take that one copy it right now and make sure we log it and follow up with that.
Joe Miller: Then i'll actually post that as a part of our.
Joe Miller: When we get the recording back up on the Community i'll actually make sure that that question accompanies that in the comments as well.
Tristan Barrientos: There was another follow up, which was to that same question which is and or can we dynamically change the column label.
Joe Miller: um I don't I don't think there is anything today that can do that.
Joe Miller: But i'll double check.
Tristan Barrientos: Right and we've got a one.
Tristan Barrientos: comment here, it says, you can actually use session variables in the column label.
Joe Miller: So Gary, thank you for that contribution Okay, what a detail a little bit more detail around the explanation, then.
Joe Miller: perfect.
Tristan Barrientos: And then we've got another question.
Tristan Barrientos: And lots of questions here lots of great questions i'm calm secure in data source, rather than dashboard like the row example.
Tristan Barrientos: yeah can you put the masking into the the data source destination that ski table definition.
Joe Miller: As a security throw into the schema.
Tristan Barrientos: yeah.
Joe Miller: yeah so, at least for the column masking It can be done it two layers actually the the session variables will not work.
Joe Miller: When adding a new formula directly to a schema so the masking can't be done at a schema level, but where it can be done is that a business schema level, so if you're looking to do.
Joe Miller: column masking in that particular case my recommendation would be to make sure that you're building a business schema that actually has those rules in place and then sharing that out versus directly the schema from the schema.
Tristan Barrientos: Do we have any other questions.
Tristan Barrientos: looks like.
Tristan Barrientos: Just taking a quick look here, to see if there any others looks like we may have run out of questions here.
Tristan Barrientos: Oh nope we got another one.
Tristan Barrientos: Ah.
Tristan Barrientos: Why can't in court, a over and quarter use a session variable in the runtime security filter.
Joe Miller: That one I actually don't know off the top of my head, I do know alias tables materialized views have that capability, but i'm not sure exactly why i'd have to go back to our engineering team task.
Tristan Barrientos: yep we'll do the research here and get back to.
Tristan Barrientos: You on these.
Joe Miller: are great questions.
Tristan Barrientos: pretty good question.
Tristan Barrientos: Okay, great well, thank you, Joe um we can wrap up here I think so.
Tristan Barrientos: definitely want to thank Joe Joe for for taking the time to make the presentation.
Tristan Barrientos: If you enjoy today's session as Joe mentioned, we have a full series and and.
Tristan Barrientos: Have these action on insights webinars our next one is going to be in quarter for data, scientists and that will be in January and to register for that you will go to incorporate comm slash events.
Tristan Barrientos: it's not posted yet, but it should be there soon.
Tristan Barrientos: Again, another plug for the Community if you're looking to engage with other users or customers or inquiry employees.
Tristan Barrientos: You can do that, via the inquiry Community that's the place to be.
Tristan Barrientos: You can visit community that included calm, then you can register there and become a part of our growing community and, finally, thank you for joining us and have a great day.
Joe Miller: Thank you, everybody.
Hosted by:
Joe Miller
Sr. Director, Community & Customer Enablement
Tristan Barrientos
Director of Project Management