Override rights?

I’m setting up RLS and so far everything is great. We have some staff we’d like to restrict to only records associated with them and I was trying to do it through the email they’re logging into holistics with. Problem is I only want it restricted for those folks, my higher level admins should see all data. Since i’m using the h_mail, is there anyway to let a certain group have all addresses assigned or access to all addresses so their data isn’t limited? I know i could do this if i wasn’t using the system attribute but that would cut down maintenance for us.

Hi Mike,

Thank you for your question.

You can combine system user attributes with your own user attributes by creating custom AML fields.

I assume by “RLS”, you mean Row-level permissions?
To set up Row-level permissions combining system user attributes with your own user attributes, for example, you can:

  1. Create a user attribute named is_admin (of type number) and set its value to 1 for your admin users.

  2. On your Model where you would like to apply the restriction, create a new custom dimension to represent the permission. Let’s call it is_visible_to_current_user:

case(
  when: or(
    in(1, H.current_user.is_admin),
    H.current_user.h_email == model_name.email
  ),
    then: 1,
  else: 0
)
  1. Create the row-level Permission Rule in your Dataset on the new custom dimension: is_visible_to_current_user equal 1

Kindly note that our AML custom fields have not been enabled for all customers yet. Thus, in case it has not been enabled yet in your Holistics workspace, please reach out to us at [email protected].

Relevant documentations:

Hope that my answer is helpful to you. Please let me know if you need further assistance.