Insert Variables for Row Security Restriction Filters

This applies to: Visual Data Discovery

Variables can be inserted as values for any restriction filter in a row security definition. The variables are passed to the connection string via custom attributes specified in the user definition or dynamically in the custom attributes specified in the SAML or LDAP configurations for your Symphony installation.

Step 1: Define Custom Attributes for the Variables
Step 2: Using Variables in Row Security

You can also specify user attributes for use in the connection parameters of a connection definition. See Use User Attributes for Connection Parameters.

If a variable is used in a row security definition, but a corresponding custom attribute is not defined for the user, an error message appears when the user attempts to view a dashboard on which the row security is applied.

Step 1: Define Custom Attributes for the Variables

A custom attribute must be defined for every variable you want to use. The only exceptions are the Symphony context variables ${User.composerUserName}, ${User.accountId}, and ${User.credentials}. These built-in attributes which automatically exist and can be used connect the currently logged in user.

You can define custom attributes in several ways:

Individually for every user definition. If you use this method, the variable names must be the same for every user.
Dynamically in the LDAP or SAML configurations for your Symphony instance. See Use Lightweight Directory Access Protocol (LDAP) With Symphony and Configure Symphony to Support SAML.

Details about specifying custom attribute values are provided in Specify Custom User Attributes.

Step 2: Using Variables in Row Security

To use variables in row security:

Log into Symphony as a user in a group that has been granted the Administer Sources privilege, or a user in a group that has been granted the Manage Source Permissions privilege and who also has read permission for the data source.
Follow the instructions in Restrict Access to Data Using Row Security to add or modify a row security definition. When you get to the step where you select values for the restriction filter, specify the custom attribute (variable) you defined in Step 1 as a value for the filter. If custom attributes are defined, they can be directly entered using the following syntax:
```
${User.<custom-attribute-name>}
```
Save the row security definition and close the Row Security dialog, as described in Restrict Access to Data Using Row Security.

Row Security Filter Errors

When a custom user attribute, used as a variable in a row security filter, is invalid (for example, it cannot be parsed as a value of a required type), a generic error message is given and a detailed message is logged describing what is wrong with the row security filter.