Multi-Tenant Access Control
Tenancy and Organizational Configuration
For your multi-tenant database architectures, establish atomic access controls through row-level policies (Database Tenancy & Table Tenancy), configurable in the Client Settings of our data source settings.
How Our Row-Level Policies Work
Set row-level policies for each table using your data source's SQL language.
DataBrain parses and applies these policies as Common Table Expressions (CTEs) during query generation. This step happens post-validation, just before sending the query to your database or warehouse.
This method ensures user-specific data access, e.g., User A sees only their data. You can also define and assign dynamic variables in your SQL queries during token creation.
Guest Token
For a user to view the embedded DataBrain dashboard in your application, your backend must request a guest token from DataBrain. This request is specific to the user and uses their userId or clientId.
Example request payload:
{ "clientId": "7807dcd1-1919-474b-aba7-7f23a062d02f" }
These identifiers are then injected into your row-level policies, tailoring the data returned to the user based on these parameters.
Example of Implementing a Row-Level Policy
To ensure each user only sees data relevant to them in a consumers table, you would set up a row-level policy and create a specific token. Here's how you can do it:
Defining the Row-Level Policy for the Consumers Table
Write a SQL query to define the policy:
SELECT * FROM consumers WHERE id = {client_id_variable}
This query ensures that each user only accesses rows in the consumers table where their unique identifier matches the id column.
Generating a Token
Use a curl command to generate a token for a specific user:
curl -X POST --location 'https://api.usedatabrain.com/api/v1/guest-tokens' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <API-KEY>' \
--data '{ "clientId": "7807dcd1-1919-474b-aba7-7f23a062d02f" }'
This process combines secure access control with customized data visibility, aligning with user-specific requirements.
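The row-level policy only isolates tenants if the clientId placed in the token request is the one your backend has already authenticated. The sketch below is an added example, not DataBrain's own code: it builds the same POST as the curl command with clientId taken from the server-side session only. The session shape, the DATABRAIN_API_KEY variable name and the UUID format of clientId (as in the sample above) are assumptions.

```python
import json
import os
import urllib.request
import uuid

GUEST_TOKEN_URL = "https://api.usedatabrain.com/api/v1/guest-tokens"  # endpoint from the page


def tenant_for_session(session: dict) -> str:
    """Return the tenant's clientId from the server-side session (hypothetical session shape)."""
    if not session.get("authenticated"):
        raise PermissionError("no authenticated session")
    # Assumption: clientId values are UUIDs, as in the page's sample payload.
    # Parsing rejects malformed values before they reach the policy variable.
    return str(uuid.UUID(session["client_id"]))


def build_guest_token_request(session: dict, api_key: str) -> urllib.request.Request:
    """Build the POST from the curl command; clientId never comes from browser input."""
    body = json.dumps({"clientId": tenant_for_session(session)}).encode()
    return urllib.request.Request(
        GUEST_TOKEN_URL,
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {api_key}",
        },
    )


def fetch_guest_token(session: dict) -> dict:
    """Send the request and return the parsed JSON body without assuming its fields."""
    api_key = os.environ["DATABRAIN_API_KEY"]  # assumed variable name; the key stays on the backend
    req = build_guest_token_request(session, api_key)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed session for illustration; the UUID is the sample clientId from the page.
    demo = {"authenticated": True, "client_id": "7807dcd1-1919-474b-aba7-7f23a062d02f"}
    req = build_guest_token_request(demo, "<API-KEY>")
    print(req.get_method(), req.full_url, req.data.decode())
```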