# Date-based access control

> How to restrict specific date ranges for different users/usergroups in Holistics

Not all data should be viewable by all users and this is often a requirement when building the dashboard. One of the common use cases is how to restrict specific date ranges for different users/usergroups at the dashboard level.

In Holistics, instead of creating different reports based on what users can and cannot see, you can restrict the date range that end-users can query on the dashboard by configuring **[Row Level Permission](/docs/access-control/row-level-permission) (RLP)** on the dataset level.

## Use case
Suppose you created a sales report for a set of products over several years. Currently, the report displays results for all dates. 

Your company has 2 teams: Marketing and Support. And when you publish the report, you want to allow:

- **Marketing team** to see only the data 6 months ago till today.
- **Support team** to see only the data last 7 days.

For example, this is what a **Support team** member should see (only data last 7 days):

Compared with the view of the **Marketing team** on the same dashboard.

## High-level mechanism
To limit the amount of data displayed for the user responsible only for a selected team, you can apply a ***user attribute*** that restricts access to the data based on users’ characteristics. 

For example, we define an attribute and assign value for a user in the **Support team** is `last 7 days` . She only sees rows where `Order Created Date` value falls within the last 7 days.

We then define a Permission Rule at the Dataset level, linking this user's attribute to the relevant dataset's field. The permission rule ensures the user attribute is applied as a filter directly to the dataset's model field whenever the dataset executes.

Now, whenever the user views a dashboard or explores a dataset, the permission rule is automatically applied, filtering the data down to whatever the user is allowed to access.

Let's walk through the detailed steps below.

## Step 1: create a date user attribute at the user group level
Assume that we already have 2 groups of users ‘Marketing’ and ‘Support’.

*First*, you need to create a new user attribute called `attr_date` with Date type

- Go to [Manage Users](https://secure.holistics.io/manage/users) or [Manage Groups](https://secure.holistics.io/manage/groups)
- Click on Attributes next to the user/group
- Add new attribute called `attr_date` with type “Date”
    
    
    

*Then*, set default values that are appropriate for each group. 

```sql
marketing.attr_date = ['6 months ago till today'];
support.attr_date = ['last 7 days'];
manager.attr_date = All;
```

***Note:*** The date range value takes either a start date and an end date `(12/09/2020 12:01 - 12/11/2020 13:01)` or a string representing time `(Last week, Last month...)`. Visit [Relative Date Syntax](/docs/datetimes/relative-dates) for more information. 

## Step 2: setting up permission rule in dataset
Navigate to the **Dataset** you want to set up permission settings. Open **Permission Settings**. Click **Add permission** to create a new permission rule.

Map `Order Created Date` from Data Model **Order Master** to User Attribute `attr_date`.

    

Changes in permissions apply immediately to existing users.