Access Control
Access control in Spreadic can be managed on three levels:
Model-level Access
All models are by default accessible to all users. You can remove access to an entire model (for example, the customers model containing customer information) by adding a single line of code in the model definition:
models:
- name: customers
description: "Customer information"
meta:
label: 'Customers'
restricted: trueColumn-level Access
Very often you would only want to limit access to certain columns with sensitive information, while allowing users to retrieve information from other columns of the same model. For example, you can control access to the column containing customers' addresses by restricting it in the column definition:
columns:
- name: address
description: "The address of the customer"
meta:
dimension:
label: "Customer Address"
restricted: trueOn top of that, if there are certain employees who need to access this restricted column, you can explicitly define a whitelist and grant access to those users in an access profile YAML. For example, say Carl is your customer service manager and is the only person who needs access to the addresses, you can grant him that by creating this access profile:
version: 2
access_profiles:
- name: customer_addresses
description: "Customer addresses for communications"
rules:
- model: customer
columns: [address]
access: [carl]Row-level Access
Sometimes you may want to allow specific users access to only certain entries (based on some data filter). For example, if you want to allow John and Sally, your London area managers, to only access order information for orders in London, you can first restrict the orders model, and then grant access with this access profile:
version: 2
access_profiles:
- name: london_orders
description: "Orders in London"
rules:
- model: orders
sql_filter: "city = 'London'"
access: [john, sally]Last updated