Documentation
Access control
Row-level security

Row-level security

The data model serves as a facade of your data. With row-level security, you can define whether some data model facts are exposed to end users and can be queried via APIs & integrations.

Row-level security in Cube is similar to row-level security in SQL databases. Defining whether users have access to specific facts from cubes and views is similar to defining access to rows in database tables.

By default, all rows are public, meaning that no filtering is applied to data model facts when they are accessed by any users.

Managing row-level access

You can use access policies to manage both member-level and row-level security based on groups and user attributes.

Here's an example of how to filter rows by a user attribute using access policies:

YAML
JavaScript
cubes:
  - name: orders
    # ...
 
    access_policy:
      - group: manager
        row_level:
          filters:
            - member: country
              operator: equals
              values: [ "{ userAttributes.country }" ]
Access policiesMember-level security