[英]How to give access to multiple users for same row in Data Studio for databases other than BigQuery?
To enable row level security, I used Filter By Email
option as suggested here .为了启用行级安全性,我按照此处的建议使用了
Filter By Email
选项。 But I want to know can I enable access to same row for multiple users and also how to enable super users who can see all rows.但我想知道我能否为多个用户启用对同一行的访问,以及如何启用可以查看所有行的超级用户。 For example if below is the sample data then I want to have different output based on who is logged in.
例如,如果下面是示例数据,那么我希望根据登录者的不同,设置不同的 output。
userId age email
A 20 usera@gmail.com
B 15 userb@gmail.com
C 25 userc@gmail.com
Z 30 admin@gmail.com
When A is logged in A登录时
userId age email
A 20 usera@gmail.com
When B is logged in B登录时
userId age email
A 20 usera@gmail.com
B 15 userb@gmail.com
When Z is logged in当 Z 登录时
userId age email
A 20 usera@gmail.com
B 15 userb@gmail.com
C 25 userc@gmail.com
Z 30 admin@gmail.com
Update1: I am using postgres instance for reporting (not bigQuery), so solution which make use of @DS_USER_EMAIL
will not work Update1:我正在使用 postgres 实例进行报告(不是 bigQuery),因此使用
@DS_USER_EMAIL
的解决方案将不起作用
The filter by email simply provide you the email of the current logged user. email 的过滤器只是为您提供当前登录用户的 email。 You have to use it to filter your query.
您必须使用它来过滤您的查询。 I designed a simple test like this
我设计了一个像这样的简单测试
with sample as (
select "a" as userId, 10 as age, "usera@gmail.com" as email
UNION ALL
select "b" as userId, 20 as age, "userb@gmail.com" as email
UNION ALL
select "c" as userId, 30 as age, "userc@gmail.com" as email
), auth as (
select "usera@gmail.com" as user, "usera@gmail.com" as permission
UNION ALL
select "userb@gmail.com" as user, "usera@gmail.com" as permission
UNION ALL
select "userb@gmail.com" as user, "userb@gmail.com" as permission
UNION ALL
select "admin@gmail.com" as user, ".*" as permission
)
select * from sample
where REGEXP_CONTAINS(email,(select STRING_AGG(permission,"|") from auth where auth.user = @DS_USER_EMAIL))
I have the sample
table with your data.我有包含您的数据的
sample
表。 I created a auth
table with the link between the user email and the view authorization.我创建了一个
auth
表,其中包含用户 email 和视图授权之间的链接。
In the final request, I use a regex to check if the row is authorized or not.在最后的请求中,我使用正则表达式来检查该行是否被授权。 The admin has the value
.*
to view all the data.管理员具有值
.*
以查看所有数据。 The other is simple an aggregation of all the rows, separated by a pipe |
另一个是所有行的简单聚合,由 pipe
|
分隔(OR in regex language) (或正则表达式语言)
EDIT编辑
The power of BigQuery is the compliance with the SQL2011 standard, and a working query in postgres is similar. BigQuery 的强大之处在于它符合 SQL2011 标准,在 postgres 中的工作查询也是类似的。 For the regex pattern use
SIMILAR TO
.对于正则表达式模式,请使用
SIMILAR TO
。 Look at the admin regex pattern, it's not regex conventional, but it works查看管理正则表达式模式,它不是常规的正则表达式,但它可以工作
string_agg
is an existing function string_agg
是现有的 function
with sample as (
select 'a' as userId, 10 as age, 'usera@gmail.com' as email
UNION ALL
select 'b' as userId, 20 as age, 'userb@gmail.com' as email
UNION ALL
select 'c' as userId, 30 as age, 'userc@gmail.com' as email
), auth as (
select 'usera@gmail.com' as user, 'usera@gmail.com' as permission
UNION ALL
select 'userb@gmail.com' as user, 'usera@gmail.com' as permission
UNION ALL
select 'userb@gmail.com' as user, 'userb@gmail.com' as permission
UNION ALL
select 'admin@gmail.com' as user, '%' as permission
)
select * from sample
where email SIMILAR TO (select STRING_AGG(permission,'|') from auth where auth.user = @DS_USER_EMAIL)
The query works, but it's not usable with Datastudio because the @DS_USER_EMAIL
exists only with BigQuery该查询有效,但不适用于 Datastudio,因为
@DS_USER_EMAIL
仅存在于 BigQuery
The workaround is to use Cloud SQL federated query .解决方法是使用Cloud SQL 联合查询。 And the final request is a mix between both db engine
最后的请求是两个数据库引擎之间的混合
with sample as (
SELECT * FROM EXTERNAL_QUERY("gbl-imt-homerider-basguillaueb.us.vertx-postgres", """ select 'a' as userId, 10 as age, 'usera@gmail.com' as email
UNION ALL
select 'b' as userId, 20 as age, 'userb@gmail.com' as email
UNION ALL
select 'c' as userId, 30 as age, 'userc@gmail.com' as email""")), auth as (
SELECT * FROM EXTERNAL_QUERY("gbl-imt-homerider-basguillaueb.us.vertx-postgres", """ select 'usera@gmail.com' as user, 'usera@gmail.com' as permission
UNION ALL
select 'userb@gmail.com' as user, 'usera@gmail.com' as permission
UNION ALL
select 'userb@gmail.com' as user, 'userb@gmail.com' as permission
UNION ALL
select 'admin@gmail.com' as user, '.*' as permission"""))
select * from sample
where REGEXP_CONTAINS(email,(select STRING_AGG(permission,"|") from auth where auth.user = @DS_USER_EMAIL))
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.