Insert Variables for Row Security Restriction Filters

Variables can be inserted as values for any restriction filter in a row security definition. The variables are passed to the connection string via custom attributes specified in the user definition or dynamically in the custom attributes specified in the SAML or LDAP configurations for your Composer installation.

You can also specify user attributes for use in the connection parameters of a connection definition. See Use User Attributes for Connection Parameters.

If a variable is used in a row security definition, but a corresponding custom attribute is not defined for the user, an error message appears when the user attempts to view a dashboard on which the row security is applied.

Step 1: Define Custom Attributes for the Variables

A custom attribute must be defined for every variable you want to use. The only exceptions are the Composer context variables ${User.composerUserName} and ${User.accountId}, which automatically exist and can be used to insert the name or account ID of the user that is currently logged in.

You can define custom attributes in several ways:

Details about specifying custom attribute values are provided in Specify Custom User Attributes.

Step 2: Using Variables in Row Security

To use variables in row security:

  1. Log into Composer as a Composer administrator, a user in a group that has been granted the Can Administer Sources privilege, or a user in a group that has been granted the Can Manage Source Permissions privilege and who also has read permission for the data source.

  2. Follow the instructions in Restrict Access to Data Using Row Security to add or modify a row security definition. When you get to the step where you select values for the restriction filter, specify the custom attribute (variable) you defined in Step 1 as a value for the filter. If custom attributes are defined, they can be directly entered using the following syntax:

    ${User.<custom-attribute-name>}
  3. Save the row security definition and close the Row Security dialog, as described in Restrict Access to Data Using Row Security.

Row Security Filter Errors

When a custom user attribute, used as a variable in a row security filter, is invalid (for example, it cannot be parsed as a value of a required type), a generic error message is given and a detailed message is logged describing what is wrong with the row security filter.