Row Filter

Row filtering is a mechanism used to control access to data by limiting the rows that users can view based on specific criteria. It is typically employed in scenarios where different users or groups require access to the same dataset but with varying levels of permission based on their roles or responsibilities. Row filtering ensures that users only see the data that is relevant to them, enhancing data privacy, security, and compliance. For instance, sales reps can access only their assigned customer data, enhancing security and compliance.

Create Row Filter Privileges

To create a privilege, follow these steps:

1. Navigate to catalogs, and click on the desired catalog.

2. Select the Privilege(Beta) tab.

3. Click on Create Privileges to create a new privilege.

4. Provide a name to privilege.

5. Enter a description of the privilege (optional).

6. Select the row filter from the type of privilege.

7. Select the databases.

8. Select the table and enter the expression.

9. Select the user(s)/group(s) to whom you wish to provide access to the selected schema.

10. Click on "Create."

11. The privilege will be created and can be viewed in the privileges tab list.

Table-Specific Row Filtering Example

If the user selects a specific table, the row filter privilege will only be applied to that table. For example:

• table: call_center

• database: tpcds_1000_delta

• row filter condition: cc_employees=6879074

• User - George

Row filter privilege applied only on table - call_center for user - george

Row filter privilege not applied for table - customer for user - George

User-Specific Row Filtering Example

If the user has been assigned the row filter privilege, the row filter will only be applied to them. For example:

• table selected: call_center

• database selected: tpcds_1000_delta

• row filter condition: cc_employees=6879074

This row filter policy applies exclusively to the selected users. For instance, when running the query "SELECT * FROM call_center," only the assigned user will view the filtered data.

For another user, no row filter condition will be applicable.

Limitations

• Subqueries with row filter conditions are not yet supported.

• Row filter conditions with aggregate functions are not yet supported as aggregations are in the HAVING clause

• For multiple-row filters in the same table, only the first-row filter will be applied in a query with a combination of these row filters.

Update Row Filter Privilege

To edit a privilege, follow these steps:

1. Click on the three dots next to the privilege you want to edit.

2. Select "Edit" from the dropdown menu.

3. The privilege form will now be available for modification.

4. If you want to change the description, update it accordingly.

5. Choose the databases.

6. Select the table and edit the expression (if you want to)

7. You can more row filter expressions by clicking on add more filters

8. Select the users and groups you wish to grant access to for the selected schema.

9. Finally, click on "Update" to save your changes.

Delete Row Filter Privilege

To delete a privilege, follow these steps:

1. Click on the three dots next to the privilege you want to delete.

2. Select "Delete" from the dropdown menu.

3. Confirm the deletion by typing "Delete" in the alert box.