Would it be possible to extract the user login information, that is the person signing into the application either using the LDAP/SAML/email authentication methodology through lookML code as this would greatly help us to solve requirement around row level security.
For instance we currently have row level security using access filters, defined at the user level and once we move to 4.8 release we are planning to set it at the group level so its easier to manage but we started getting requirements around more sophisticated requirements around row level security based on the ranking of the user.
For example, if the user is VP of East Cost, he is allowed to see data of all his stores under East Cost but not West Cost or North or South region. Similarly if the user is a Divisional Manager of few stores in East Coast, then he is allowed to see only few stores under the East Cost but not all store data under East Cost and neither West/North/South. And finally when a user is a store representative or a manager of a specific store, then they are only allowed to see data for the specific store.
So the solution i had in my mind was, if we could retrieve the user login information that’s being passed while logging into Looker either via LDAP/SAML or using email ID, basically capture the login attributes of the user through a user attribute variable just like how we use % date_start templated filter and then use this variable to inner join to our primary store alignment data rights table, which would store user login information along with the chain/region/division/district/store information.
Hope this makes sense.
This would greatly help us as onboard more users/customers as you can imagine how hard would it be to configure each and every user profile using multiple level access filters. This solution would reduce the maintenance spent on configuring the access filters for every single user whether spent on user or group level and rather push it on the database front which would be more secured and pre-loaded with all the user login information and moreover this information would always be synced with our customer as they make change to user profiles. That is even if they transfer or change ownership of users from one region to another.
Since 4.10 is currently in pipeline, would it be possible to slate this under your current or immediate release ? This would greatly help us…