Tuesday, 7 February 2017

Wave 114: Row Level Security

App level security is an all or nothing approach. You can control what data is seen at a finer grain by using row level security.

Owner based security 

We can enforce security irrespective of the source.  
How to see only data you want to see? 
Use a predicate filter, which is also known as a security predicate.  
Predicate filters are applied on the server side.
This can be applied on the dataset under the security predicate tab.  
EX:  
'OwnerName' == "$User.Name"

How to confirm this? 
We can open the network console and look at remote; you will not be able to find the filter there. This proves that it is being applied on the server side, which ensures security for the dataset.

Team Based Security 
This is a hierarchy. You can see your own records and what your team owns. There is a roll-up hierarchy setup.
ELT (Extract, Load and Transform)
In Wave, we extract from Salesforce, load the data and then apply transformations.
What is a multi-value attribute? 
Origin: SFO 
Dest: ORD,JFK 
Wave can handle multi-value attributes very easily.
The benefit shows with the eventual grandparents the nodes may have. We are basically constructing a tree from key-value pairs.
Listing all the parents of a node is called flattening.
A's parents are B,C
First, we flatten the user role to make sure every user has a multi-valued attribute.
No results meet those criteria. Please  
This means you are not a part of the role based hierarchy. A Sys Admin does not mean you are a part of every role hierarchy! 
Once you add yourself to the hierarchy you will be able to see the records.  
Role based hierarchy is enforced using the Flatten operation which is looking at all the parents. This is using the ELT functionality. 
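
The flattening step and the team visibility it produces, sketched as an added Python example (not from the original post and not Wave dataflow code). The role names, users, rows and the `ParentRoles` field are constructed for illustration.

```python
# Added illustration: a local simulation of flattening, not Wave dataflow code.
# All role names, users, rows and the ParentRoles field are constructed samples.
ROLE_PARENT = {                      # child role -> parent role (key-value pairs)
    "CEO": None,
    "VP_Sales": "CEO",
    "Mgr_West": "VP_Sales", "Rep_West": "Mgr_West",
    "Mgr_East": "VP_Sales", "Rep_East": "Mgr_East",
}
USER_ROLE = {"alice": "Rep_West", "bob": "Mgr_West", "carol": "Rep_East",
             "dana": "VP_Sales", "sysadmin": None}   # sysadmin holds no role
ROWS = [{"Id": 1, "Owner": "alice"}, {"Id": 2, "Owner": "carol"},
        {"Id": 3, "Owner": "bob"}]


def flatten(role, parents):
    """Return every ancestor of `role`, nearest first (the multi-value attribute)."""
    seen, out = {role}, []
    node = parents.get(role)
    while node is not None:
        if node in seen:             # guard against a cyclic hierarchy
            raise ValueError(f"cycle at role {node!r}")
        seen.add(node)
        out.append(node)
        node = parents.get(node)
    return out


def load_rows(rows):
    """ELT-style step: stamp each row with its owner's flattened role path."""
    stamped = []
    for row in rows:
        owner_role = USER_ROLE.get(row["Owner"])
        path = flatten(owner_role, ROLE_PARENT) if owner_role else []
        stamped.append({**row, "ParentRoles": path})
    return stamped


def visible_ids(user, stamped):
    """Row filter: own records, plus records owned by roles below the user's role."""
    role = USER_ROLE.get(user)
    return [r["Id"] for r in stamped
            if r["Owner"] == user
            or (role is not None and role in r["ParentRoles"])]


DATASET = load_rows(ROWS)
```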

Predicate Filters Syntax 
You can use OR conditions; AND conditions are also allowed, and you can chain these logical operations. The predicate filters are very flexible.
You can apply a filter as the data is coming in or after the data has come in. The same applies for data coming from an external data source. Please refer to the product documentation to know more about utilizing predicate filters.
<dataset column> <operator> <value> 
There has to be a space between all three attributes. 
The dataset column names should be in single quotes.  
The value of the dimensions can be in double quotes.  
The operators are logical operators.  
Value can be a string literal, number literal or a field value. 
Example:  
'Owner' == "Joe" || 'Owner' == "Bill"

$User and Integration vs Security User.  
Security user: 
$User needs FLS Access and needs API Names always 
Else will throw application error 


Security: 
Territory and External Hierarchy -- Similar to Role Hierarchy the ELT operation 
Sharing Rules-- They do not automatically transfer onto Wave. Just because you have 150 sharing rules does not mean you need 150 predicate filters.  
FLS -- Looking at a subset of records. Wanting a certain subset of users looking at a particular set of users only.  
Have different apps with different end users and give them different FLS.  
  
