1

Hi, currently I have a table which records information for multiple customers. In the table, there is a tenant_id column which differentiate which tenant we are serving. Now I want to create an account or maybe multiple accounts for each tenant. Each tenant should be able to view only his/her data.

I came up with two ways to solve this problem. The first is to use row level access for data source, which seems not applicable for now? The second is, to create another table which maps user_id from Redash, to tenant_id in my data table. And when doing SQL queries, I can query like:

SELECT * FROM data_table JOIN map_table 
WHERE 
    data_table.tenand_id = map_table.tenant_id 
    AND 
    map_table.user_id = current_login_user_id;

The SQL query may be wrong but hope you can get my idea :joy: . Is this possible? Or, is there other ways to solve my problem? Thanks!

UPDATE: In short, we hope to realize the scene, multiple users use the same data source, access to the same dashboard. But based on their login user_id, SQL queries use different conditions and different contents are provided.

3 Likes
2

I’m having the same problem, any suggestion about it? Could i take some variable from login info to fill the query with this info?

3

MS SQL Server 2016+ support Row Level Security (RLS). We use it to control which records are returned by specifying the configured user in the DataSource.

4

+1. Metabase implement this feature like this:

  1. Add KV attributes to User. e.g. key=user_id, value=1
  2. In each queries, appends all attributes of loged-in user to the query. e.g.
select * from (
    {the_query}
) tmp 
where tmp.custom_parameter = {{user.user_id}}
2 Likes
5

Yes, this was discussed briefly in #2016:

We can use the details JSON column of the user object to store these. Aside from the UI should be relatively simple to implement :slight_smile:

1 Like