
How to give access to multiple users for same row in Data Studio for databases other than BigQuery?

To enable row-level security, I used the Filter By Email option as suggested here. But I want to know whether I can enable access to the same row for multiple users, and also how to enable super users who can see all rows. For example, if the sample data is as below, then I want to have different output based on who is logged in.

userId  age email
A       20  usera@gmail.com
B       15  userb@gmail.com
C       25  userc@gmail.com
Z       30  admin@gmail.com

When A is logged in

userId  age email
A       20  usera@gmail.com

When B is logged in

userId  age email
A       20  usera@gmail.com
B       15  userb@gmail.com

When Z is logged in

userId  age email
A       20  usera@gmail.com
B       15  userb@gmail.com
C       25  userc@gmail.com
Z       30  admin@gmail.com

Update1: I am using a Postgres instance for reporting (not BigQuery), so a solution which makes use of @DS_USER_EMAIL will not work.

The filter by email simply provides you with the email of the currently logged-in user. You have to use it to filter your query. I designed a simple test like this:

with sample as (
  select "a" as userId, 10 as age, "usera@gmail.com" as email
  UNION ALL
  select "b" as userId, 20 as age, "userb@gmail.com" as email
  UNION ALL
  select "c" as userId, 30 as age, "userc@gmail.com" as email
), auth as (
  select "usera@gmail.com" as user, "usera@gmail.com" as permission
  UNION ALL
  select "userb@gmail.com" as user, "usera@gmail.com" as permission
  UNION ALL
  select "userb@gmail.com" as user, "userb@gmail.com" as permission
  UNION ALL
  select "admin@gmail.com" as user, ".*" as permission
)
select * from sample
where REGEXP_CONTAINS(email,(select STRING_AGG(permission,"|") from auth where auth.user = @DS_USER_EMAIL))

I have the sample table with your data. I created an auth table with the link between the user email and the view authorization.

In the final request, I use a regex to check whether the row is authorized or not. The admin has the value .* to view all the data. The other is simply an aggregation of all the rows, separated by a pipe | (OR in regex language).

EDIT

The power of BigQuery is the compliance with the SQL2011 standard, and a working query in Postgres is similar. For the regex pattern, use SIMILAR TO. Look at the admin regex pattern: it's not conventional regex, but it works.

string_agg is an existing function.

with sample as (
  select 'a' as userId, 10 as age, 'usera@gmail.com' as email
  UNION ALL
  select 'b' as userId, 20 as age, 'userb@gmail.com' as email
  UNION ALL
  select 'c' as userId, 30 as age, 'userc@gmail.com' as email
), auth as (
  select 'usera@gmail.com' as user, 'usera@gmail.com' as permission
  UNION ALL
  select 'userb@gmail.com' as user, 'usera@gmail.com' as permission
  UNION ALL
  select 'userb@gmail.com' as user, 'userb@gmail.com' as permission
  UNION ALL
  select 'admin@gmail.com' as user, '%' as permission
)
select * from sample
where email SIMILAR TO (select STRING_AGG(permission,'|') from auth where auth.user = @DS_USER_EMAIL)

The query works, but it's not usable with Data Studio because @DS_USER_EMAIL exists only with BigQuery.

The workaround is to use a Cloud SQL federated query. And the final request is a mix between both DB engines:

with sample as (
SELECT * FROM EXTERNAL_QUERY("gbl-imt-homerider-basguillaueb.us.vertx-postgres", """ select 'a' as userId, 10 as age, 'usera@gmail.com' as email
  UNION ALL
  select 'b' as userId, 20 as age, 'userb@gmail.com' as email
  UNION ALL
  select 'c' as userId, 30 as age, 'userc@gmail.com' as email""")), auth as (
SELECT * FROM EXTERNAL_QUERY("gbl-imt-homerider-basguillaueb.us.vertx-postgres", """ select 'usera@gmail.com' as user, 'usera@gmail.com' as permission
  UNION ALL
  select 'userb@gmail.com' as user, 'usera@gmail.com' as permission
  UNION ALL
  select 'userb@gmail.com' as user, 'userb@gmail.com' as permission
  UNION ALL
  select 'admin@gmail.com' as user, '.*' as permission"""))
select * from sample
where REGEXP_CONTAINS(email,(select STRING_AGG(permission,"|") from auth where auth.user = @DS_USER_EMAIL))
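An added example, not part of the original answer: `REGEXP_CONTAINS` is an unanchored substring match, so a permission such as `usera@gmail.com` also authorizes any row whose email merely contains that text, and the `.` in the address matches any character. The BigQuery query below compares that filter with an exact-equality check on constructed data. The `viewer` column, the `current_viewer` CTE (a stand-in for `@DS_USER_EMAIL`), the `'*'` super-user sentinel and the `xusera@gmail.com` row are assumptions made for the illustration.

```sql
-- Constructed sample data. Row 'x' is a lookalike address that viewer
-- usera@gmail.com has NOT been granted.
with sample as (
  select 'a' as userId, 10 as age, 'usera@gmail.com' as email
  union all select 'b', 20, 'userb@gmail.com'
  union all select 'c', 30, 'userc@gmail.com'
  union all select 'x', 40, 'xusera@gmail.com'
), auth as (
  -- One row per (viewer, row owner) grant. '*' is a literal sentinel for
  -- "all rows"; it is compared with =, never interpreted as a pattern.
  select 'usera@gmail.com' as viewer, 'usera@gmail.com' as permission
  union all select 'userb@gmail.com', 'usera@gmail.com'
  union all select 'userb@gmail.com', 'userb@gmail.com'
  union all select 'admin@gmail.com', '*'
), current_viewer as (
  -- Stand-in for the logged-in user. In Data Studio, replace the literal
  -- with @DS_USER_EMAIL.
  select 'usera@gmail.com' as email
)
select
  s.userId,
  s.email,
  -- The answer's approach: permissions joined with | and used as a regex.
  -- The sentinel is excluded here because '*' alone is not a valid regex.
  REGEXP_CONTAINS(
    s.email,
    (select STRING_AGG(a.permission, '|')
       from auth a
      where a.viewer = (select email from current_viewer)
        and a.permission != '*')
  ) as regex_allows,
  -- Exact-match alternative: a row is visible only if a grant names its
  -- email exactly, or the viewer holds the '*' grant.
  exists (
    select 1
      from auth a
     where a.viewer = (select email from current_viewer)
       and (a.permission = s.email or a.permission = '*')
  ) as exact_allows
from sample s
order by s.userId
```

The two columns differ on the lookalike row, which the regex filter admits and the equality check does not. A viewer with no grants gets a NULL pattern from `STRING_AGG`, so the regex filter returns no rows for them, and the `exists` check does the same.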

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

 