There are commonly two types of information security in BI reporting;
- Row-level security – This enables filtering of rows of data from a query output based on user authorization. Example : Business users from Sales Division Dallas should only see Dallas Sales.
- Column-level security – This enables the hiding or masking of fields or columns from query output based on user authorizations. Example : When customer credit information report is shared to agencies,they should not see Credit card / phone numbers.
When it comes to providing analytics to users we would need to restrict data at row or column level frequently. Though we will leverage data security inherited from database most of the times, now and then we require to configure security at the front end. In this blog we will discuss options available out of the box LookML to configure data security, Localizing Looker UI and localizing the data model!
Looker provides simple ways to handle row, column security and localization options. In Looker Administrators can set granular permissions by user or group, and can restrict data access from the database level all the way down to the row or column level.
Column (Field) level security
We Can Exclude Individual objects by Using fields with “explore”.
We can use fields under the explore parameter in order to take advantage of the ALL_FIELDS* set and then exclude fields. For example:
- All fields and sets must be fully scoped (use view_name.field_name syntax)
- Fields and sets may be excluded by preceding them with a hyphen (-)
- Set names always end with an asterisk (*)
- We may use the built-in set name ALL_FIELDS*, which includes all fields in the Explore
- We may use the built-in set name view_name*, which includes all fields in the referenced view.
- A list of fields may be used like this: [view_name.field_a, view_name.field_b].
- We can also reference a set of fields (which is defined in a view’s set parameter), like [view_name.set_a*]. The asterisk tells Looker that we are referencing a set name, rather than a field name.
Row Level security
Access_filter lets us to apply user-specific data restrictions. An access_filter parameter is specific to a single Explore, so we need to make sure we apply an access_filter parameter to each Explore that needs a restriction.
In below example we created a user attribute called currency and used it along with access_filters in the model.Note,User Access must be “View” to use user attribute in access_filters.
A WHERE clause is added to SQL when the field “currency” used in explore.Please note, we have not added any filters manually.
Localizing the Looker User Interface
Certain Looker user interface text can be displayed into the following languages:
|Language||Locale Code and Strings File Name|
To enable localization, set the locale for users or user groups through one of the following methods:
To set a locale for individual users: Use one of the codes in the above table in the Locale (beta) field on the Edit User page in the Admin panel.
To set a locale for a user group: Assign one of the codes in the above table to the locale user attribute for a particular user group. If users within a group have set a custom value using the Locale (beta) setting, the custom value will override any value assigned to the group. To prevent that from happening, ensure the User Access setting for the locale user attribute is not set to Edit.
For users with no locale set, Looker uses English as the default.
Below results for setting user attribute locale(beta) to es_MX. Please note Browse,Explore,development and Admin menu items.
Localizing View and Field Names in Looker
With model localization, we can customize how the model’s labels and descriptions display according to a user’s locale. We can localize labels, group labels, and descriptions in the model. We can localize LookML dashboard title, description and text.
Models can be localized into any language using.strings files.To localize both data models and the Looker user interface, the models’.strings files must be named with the same locale code used for the user interface.
Looker’s LookML will help us configure data security and out of the box(beta) locale feature will help us localize most of the menu items Looker UI and localize labels, titles and descriptions with ease.