Controlling access to cubes and views

We want to control which cubes and views a user can access based on a property of that user. In the recipe below, we will manage access to a view so that only users whose JWT carries a department claim set to finance can query it.

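// cube.js
const jwtDecode = require('jwt-decode'); // v3 default export; v4+ exports { jwtDecode }

module.exports = {
  // The compiled data model is cached per app ID, so the ID must also reflect the
  // permission flag; otherwise finance and non-finance users share one compiled view.
  contextToAppId: ({ securityContext, permissions }) => {
    return `CUBEJS_APP_${securityContext.company}_${permissions.isFinance}`;
  },
  extendContext: (req) => {
    // jwtDecode only decodes the payload; it does not verify the signature
    const { department } = jwtDecode(req.headers['authorization']);
    return {
      // Nested under `permissions` to match COMPILE_CONTEXT.permissions.isFinance
      permissions: {
        isFinance: department === 'finance',
      },
    };
  },
};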

// Orders.js
cube(`Orders`, {
  sql: `SELECT * FROM public.orders`,
  shown: false,

  ...,
});

// Users.js
cube(`Users`, {
  sql: `SELECT * FROM public.users`,
  shown: false,

  ...,
});

// TotalRevenuePerCustomer.js
view('TotalRevenuePerCustomer', {
  description: `Total revenue per customer`,
  shown: COMPILE_CONTEXT.permissions.isFinance,

  includes: [
    Orders.totalRevenue,
    Users.company,
  ],
});
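
Because jwtDecode only decodes the token, the isFinance flag is only as trustworthy as whatever verified the signature beforehand. The following is an added example, not code from the recipe or from Cube: it derives the same flag only from a token whose HS256 signature and expiry check out, and fails closed otherwise. The helper names, the required exp claim and the app ID format are assumptions made for illustration.

```javascript
// Added example: helper names are hypothetical, tokens and secrets are constructed.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Constructed HS256 signer, used only to build sample tokens for this example.
function signHs256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Returns the claims only if the algorithm, signature and expiry all check out.
function verifyHs256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString());
    if (!header || header.alg !== 'HS256') return null; // pin the algorithm
    const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    // Claims are parsed only after the signature has been verified.
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
    return claims;
  } catch {
    return null; // malformed JSON in header or payload
  }
}

// Fail closed: a missing, expired or tampered token never yields isFinance === true.
function permissionsFor(token, secret, nowSec) {
  const claims = verifyHs256(token, secret, nowSec);
  return { isFinance: claims !== null && claims.department === 'finance' };
}

// App ID that varies with the flag, so the two groups never share a compiled model.
function appIdFor(company, permissions) {
  return `CUBEJS_APP_${company}_${permissions.isFinance ? 'finance' : 'default'}`;
}
```
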

After generating a JWT with a department claim set to finance, we can send it as part of a cURL command:

curl \
  -H "Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkZXBhcnRtZW50IjoiZmluYW5jZSIsImV4cCI6MTY2NzMzNzI1MH0.njfL7GMDNlzKaJDZA0OQ_b2u2JhuSm-WjnS0yVfB8NA" \
  http://localhost:4000/cubejs-api/v1/meta

The /meta endpoint shows the available cubes and views:

{
  "cubes": [
    {
      "name": "TotalRevenuePerCustomer",
      "title": "Total Revenue Per Customer",
      "description": "Total revenue per customer",
      "measures": [
        {
          "name": "TotalRevenuePerCustomer.totalRevenue",
          "title": "Total Revenue Per Customer Total Revenue",
          "shortTitle": "Total Revenue",
          "cumulativeTotal": false,
          "cumulative": false,
          "type": "number",
          "aggType": "number",
          "drillMembers": [],
          "drillMembersGrouped": {
            "measures": [],
            "dimensions": []
          },
          "isVisible": true
        }
      ],
      "dimensions": [
        {
          "name": "TotalRevenuePerCustomer.company",
          "title": "Total Revenue Per Customer Company",
          "type": "string",
          "shortTitle": "Company",
          "suggestFilterValues": true,
          "isVisible": true
        }
      ],
      "segments": []
    }
  ]
}

Please feel free to check out the full source code or run it with the docker-compose up command.
