This scenario will focus on a national research company that wishes to filter HR (Absences) data based on management access. The research company has multiple branches across many regions with the following management structure:
The best way to achieve the desired result would be to assign a group based filter and assign users to the appropriate groups. This way a user will only ever see the information they have permission to view.
As with all security filters, we begin by adding a security filter to the dataset. In this case, we are going for the lowest common denominator - the branch. It is represented by the Location column in the dataset, which we will link to the group name.
Select Save to apply the filter and Save the dataset
When modelling the group structure to the data structure using the group name as the security filter, make sure the group name matches the data exactly. We use the location (city) and not the region for a security identifier since at the most granular level we wish to restrict access by city.
This way we can determine what data is returned to the user by selecting which branches they have permission to view. Selecting as many or as few as the users management level allows.
Following, we would need to activate security filters for the user.
You can grant the user access to the relevant group(s). Once the user logs in and views this dashboard (or dashboards), they will only see their own data (i.e., data for London and Manchester). Select Save to apply your changes.
In the above example, the filter applied to the DemoViewer user would be as follows:
Location = Group Name = ('London' OR 'Manchester'). The dashboard can be published directly to the parent 'Demo UK Research Company' group.
Note: If you are using linked dataset filters in your dashboard(s), please note that any linked datasets should have the same security filter applied (in this case, Location= Group Name).
We can now repeat this process for each user we wish to be affected by the security filter. Save the changes to the user.
It is not necessary to apply security filters to the CEO user as by default they are expected to see the unfiltered results for the entire company.
Once complete, every component and dashboard created from this dataset (or linked datasets) will now be filtered by the user's security identifier, ensuring that each user only has access to their allocated information. Meaning that only a single master dashboard would need to be created and shared with all users, with no risk of a user being able to see restricted data.
Below is another example where the 'Absence Cost' component is visualised as a graph and the Manager is responsible for the Scotland and Milton Keynes branches:
- The CEO is able to see the whole business.
- Regional managers are able to see their allocated regions only.
- Branch managers are limited to their own branch (city) only.
The best way to achieve the desired result would be to assign a group based filter and assign users to the appropriate groups. This way a user will only ever see the information they have permission to view.
Select Save to apply the filter and Save the dataset
When modelling the group structure to the data structure using the group name as the security filter, make sure the group name matches the data exactly. We use the location (city) and not the region for a security identifier since at the most granular level we wish to restrict access by city.
This way we can determine what data is returned to the user by selecting which branches they have permission to view. Selecting as many or as few as the users management level allows.
Following, we would need to activate security filters for the user.
You can grant the user access to the relevant group(s). Once the user logs in and views this dashboard (or dashboards), they will only see their own data (i.e., data for London and Manchester). Select Save to apply your changes.
Location = Group Name = ('London' OR 'Manchester'). The dashboard can be published directly to the parent 'Demo UK Research Company' group.
Note: If you are using linked dataset filters in your dashboard(s), please note that any linked datasets should have the same security filter applied (in this case, Location= Group Name).
We can now repeat this process for each user we wish to be affected by the security filter. Save the changes to the user.
It is not necessary to apply security filters to the CEO user as by default they are expected to see the unfiltered results for the entire company.
Once complete, every component and dashboard created from this dataset (or linked datasets) will now be filtered by the user's security identifier, ensuring that each user only has access to their allocated information. Meaning that only a single master dashboard would need to be created and shared with all users, with no risk of a user being able to see restricted data.
Below is another example where the 'Absence Cost' component is visualised as a graph and the Manager is responsible for the Scotland and Milton Keynes branches: