Implementing Column-Level Security in Bold BI
Column-level security is an essential feature that enables organizations to safeguard sensitive data by restricting access to specific columns in a dataset. This is particularly vital in environments where data privacy and compliance are critical. In Bold BI, column-level security can be implemented using user attributes in the Expression Designer or using custom attributes. This article describes how to set up both approaches.
Using Expression Designer
Column-level data security in Expression Designer allows for defining specific conditions that control data access at the column level. By creating expressions within Expression Designer, you can dynamically mask or restrict data visibility based on user roles, permissions, or other criteria. This setup ensures sensitive information is protected while still allowing access to permissible data fields.
1. Hide the Column in the Query Designer Page
Begin by navigating to the Query Designer page. Here, you can hide the columns that need to be restricted from view, ensuring that sensitive data is not displayed to unauthorized users.
2. Create Expressions for User Restriction
After hiding the columns, the next step is to create expressions that determine which users can access specific columns. These expressions can be based on user attributes such as the current username, email ID, or full name.
The syntax for creating these expressions is as follows:
IF(@{{:CURRENTUSER.FULLNAME}}='UserName',[Column],NULL)
This expression checks if the current user’s full name matches a specified username. If it does, the column is displayed; otherwise, it returns NULL, effectively hiding the column from unauthorized users.
Viewing Modes
- Mentioned User in Expression: In view mode, users mentioned in the expression will have access to all columns specified in the dataset, allowing for tailored access based on user roles or responsibilities.
- Other Users: For users not mentioned in the expression, view mode will restrict access to only those columns they are authorized to view, ensuring that sensitive information remains protected.
Using Custom Attributes
Custom attributes can be utilized to achieve column-level data security for both user and group levels, allowing for tailored data visibility based on user roles within different groups.
Setting Up Custom Attributes
To create a custom attribute, refer to the official documentation that outlines the necessary implementation steps.
Example Scenario
Consider two groups: Group1 and Group2.
- Group1 includes users: user1 and user2.
- Group2 includes users: user3 and user4.
For users in Group1, you can display column1 by setting the value of the custom attribute to the name of column1. Conversely, for users in Group2, you can display column2 by setting the value of the custom attribute to the name of column2.
Consistency in Custom Attribute Names
It is crucial to ensure that each custom attribute name remains consistent across all groups to avoid discrepancies in data visibility.
Utilizing Custom Attributes in Queries
After creating the custom attribute, you can use it in query mode (Codeview Mode) to form a column. The following example illustrates how to implement this:
${{:Custom_Attribute}} as column1
In this query, Custom_Attribute represents the name of the custom attribute. The value of this custom attribute (i.e., the column name) will be dynamically replaced based on the user’s login credentials.
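The following is an added example, not Bold BI code: a small Python model of the substitution described above, with a pre-deployment check that every group defines the same attribute name and that each value is a real column name (the value becomes part of the query text, so anything else should be rejected). The table name sample_table, the column set, and the single-group membership model are assumptions made for illustration.

```python
import re

# Constructed sample data: the two groups from the scenario above.
GROUP_MEMBERS = {"Group1": ["user1", "user2"], "Group2": ["user3", "user4"]}
# Custom attributes per group (name -> value); the name must match across groups.
GROUP_ATTRIBUTES = {
    "Group1": {"Custom_Attribute": "column1"},
    "Group2": {"Custom_Attribute": "column2"},
}
TABLE_COLUMNS = {"column1", "column2"}  # assumed columns of the source table
# The page's fragment wrapped in a SELECT; sample_table is hypothetical.
QUERY = "SELECT ${{:Custom_Attribute}} as column1 FROM sample_table"

PLACEHOLDER = re.compile(r"\$\{\{:(\w+)\}\}")


def audit(group_attributes, query, table_columns):
    """Return a list of findings; empty means every group resolves to a known column."""
    findings = []
    for name in PLACEHOLDER.findall(query):
        for group, attrs in sorted(group_attributes.items()):
            if name not in attrs:
                # Inconsistent attribute name: the placeholder has no value here.
                findings.append(f"{group}: attribute {name!r} is not defined")
            elif attrs[name] not in table_columns:
                # Value is spliced into the query, so only exact column names pass.
                findings.append(f"{group}: {name!r} = {attrs[name]!r} is not a known column")
    return findings


def resolve_for_user(user, group_members, group_attributes, query):
    """Model the substitution: replace each placeholder with the user's group value."""
    group = next(g for g, members in group_members.items() if user in members)
    attrs = group_attributes[group]
    return PLACEHOLDER.sub(lambda m: attrs[m.group(1)], query)


if __name__ == "__main__":
    print(audit(GROUP_ATTRIBUTES, QUERY, TABLE_COLUMNS))
    for user in ("user1", "user3"):
        print(user, "->", resolve_for_user(user, GROUP_MEMBERS, GROUP_ATTRIBUTES, QUERY))
```
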
Conclusion
By following these steps, organizations can effectively implement column-level security in Bold BI, ensuring that sensitive data is only accessible to authorized users. This enhances data security and helps maintain compliance with data protection regulations. Utilizing custom attributes further strengthens data security, ensuring that users only access information pertinent to their roles.