We have very sensitive fields that we have locked down using a user attribute.
This works well, but users with sudo permissions can sudo as a user with the required permissions and then see the sensitive data.
We don’t want to remove our Looker Superuser’s ability to sudo as they use it a lot to support their teams.
Can you limit which users a user can sudo as?
We could then only allow Superusers to sudo as their own team members.
Can you prevent fields from being displayed when the user is being sudoed?
We are aware that sudos are logged but this isn’t very accessible and we would have to setup a process to monitor this on a regular basis.
Any suggestions appreciated!