Skip to main content

Date-based Access Control

Not all data should be viewable by all users and this is often a requirement when building the dashboard. One of the common use cases is how to restrict specific date ranges for different users/usergroups at the dashboard level.

In Holistics, instead of creating different reports based on what users can and cannot see, you can restrict the date range that end-users can query on the dashboard by configuring Row Level Permission (RLP) on the dataset level.

Use case

Suppose you created a sales report for a set of products over several years. Currently, the report displays results for all dates.

Your company has 2 teams: Marketing and Support. And when you publish the report, you want to allow:

  • Marketing team to see only the data 6 months ago till today.
  • Support team to see only the data last 7 days.

For example, this is what a Support team member should see (only data last 7 days):

What Support team should see

Compared with the view of the Marketing team on the same dashboard.

What Marketing team should see

High-Level Mechanism

To limit the amount of data displayed for the user responsible only for a selected team, you can apply a user attribute that restricts access to the data based on users’ characteristics.

For example, we define an attribute and assign value for a user in the Support team is last 7 days . She only sees rows where Order Created Date value falls within the last 7 days.

We then define a Permission Rule at the Dataset level, linking this user's attribute to the relevant dataset's field. The permission rule ensures the user attribute is applied as a filter directly to the dataset's model field whenever the dataset executes.

Now, whenever the user views a dashboard or explores a dataset, the permission rule is automatically applied, filtering the data down to whatever the user is allowed to access.

Date-based access control mechanism

Let's walk through the detailed steps below.

Step 1: Create a date user attribute at the user group level

Assume that we already have 2 groups of users ‘Marketing’ and ‘Support’.

First, you need to create a new user attribute called attr_date with Date type

  • Go to Manage Users or Manage Groups
  • Click on Attributes next to the user/group
  • Add new attribute called attr_date with type “Date” Attribute Date

Then, set default values that are appropriate for each group.

marketing.attr_date = ['6 months ago till today'];
support.attr_date = ['last 7 days'];
manager.attr_date = All;

Attribute Value

Note: The date range value takes either a start date and an end date (12/09/2020 12:01 - 12/11/2020 13:01) or a string representing time (Last week, Last month...). Visit Relative Date Syntax for more information.

Step 2: Setting up Permission Rule in Dataset

Navigate to the Dataset you want to set up permission settings. Open Permission Settings. Click Add permission to create a new permission rule.

Map Order Created Date from Data Model Order Master to User Attribute attr_date.

Set up permission

Changes in permissions apply immediately to existing users.

Let us know what you think about this document :)