Prior to release 3.10, Model Sets are called Domains, and Permission Sets are called Role Types.
This page deals with limiting user data access. If you want to limit user capabilities, check out our documentation on roles, permission sets, and model sets.
Creating Multiple Models and Model Sets
In this example, imagine you have two teams: marketing and finance. These two teams should not have access to the entire model. Their access can be limited be creating two separate models for each user group called
thelook_finance, like so:
Now, create a **Model Set** for each team and only grant access to the appropriate model:
Next, create a new **Role** for that group of users and limit their **Model Set** to the one you just created.
We now have separate user roles for each of the **marketing** and **finance** teams. These roles limit access to only ```thelook_marketing``` or ```thelook_finance```, respectively.
The next step is limiting what the marketing and finance teams can see within the model they have access to. In each model, you can manage user access to specific views and dashboards, fields, and data.
Managing View and Dashboard Access
View and dashboard access can be managed through the use of
include statements in the model. Most of the time, all dashboard and view files are included in the model, like so:
- include: '*.dashboard.lookml' - include: '*.view.lookml'
In order to limit which model has access to which files, write
include statements for each of the files the model can access. For example, you may want to limit which dashboards marketing and finance users can see, while also limiting view file access in the finance model:
Managing Field Access
Limiting user access to specific fields is possible through the use of
sets within view files. Check out this article to find out more.
Managing Data Access Through Filters
User access to specific data can be limited through filter parameters. Check out
access_filter_fields to learn more about filtering data at the explore level.