Exploring Row-Level Security for Both Bold BI Users and Anonymous Users in SDK-Based Embedding

This document explores Row-Level Security (RLS) in Bold BI and demonstrates how to implement RLS for both authenticated Bold BI users and anonymous users accessing dashboards through embedding.

For authenticated users, we will discuss how RLS can be configured within Bold BI, ensuring that users see only the data relevant to their roles or user permissions.

For anonymous users, we will explain how RLS can be configured at the embedding level, ensuring that users see only the data relevant to their roles or group permissions.

Here we explain some of the approaches that can achieve row-level security for both Bold BI users and anonymous users.

Bold BI Users

Custom Attribute

Configure a custom attribute for authenticated users in the Bold BI Server:

Configure custom attributes on the Bold BI server for each authenticated user to enable filtering based on specific attribute values.
Create a dashboard in Bold BI using a custom attribute database:

Create a dashboard using the data source that includes the custom attribute database, which contains the custom attributes set during the creation of the data source.

Embed the Bold BI Dashboard Using JavaScript:

Embed the Bold BI dashboard into your application using JavaScript. This allows for seamless integration and interaction with your application. Please refer to Embedding using JavaScript to learn how to embed a dashboard using JavaScript.

In the AuthorizeAPI, pass the logged-in user’s email using the following query parameter: embed_user_email. The dashboard will then render based on the user’s information and permissions.

[HttpPost]
[Route("AuthorizationServer")]
public string AuthorizationServer([FromBody] object embedQuerString)
{
    var embedClass = Newtonsoft.Json.JsonConvert.DeserializeObject<EmbedClass>(embedQuerString.ToString());

    var embedQuery = embedClass.embedQuerString;
    // User your user-email as embed_user_email
    embedQuery += "&[email protected]"; // Bold BI user email
    //To set embed_server_timestamp to overcome the EmbedCodeValidation failing while different timezone using at client application.
    double timeStamp = (int)DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1)).TotalSeconds;
    embedQuery += "&embed_server_timestamp=" + timeStamp;
    var embedDetailsUrl = "/embed/authorize?" + embedQuery + "&embed_signature=" + GetSignatureUrl(embedQuery);

    using (var client = new HttpClient())
    {
        client.BaseAddress = new Uri(embedClass.dashboardServerApiUrl);
        client.DefaultRequestHeaders.Accept.Clear();

        var result = client.GetAsync(embedClass.dashboardServerApiUrl + embedDetailsUrl).Result;
        string resultContent = result.Content.ReadAsStringAsync().Result;
        return resultContent;
    }
}

Lily user dashboard

User Filter

Configure the user filter for Bold BI users in the Bold BI Server:

Configure the Row-Level Security user filter for the Bold BI user based on their roles in the “Configure User Filters” option.

Embed the Bold BI Dashboard Using JavaScript:

In the AuthorizeAPI, pass the logged-in user’s email using the following query parameter: embed_user_email. The dashboard will then render based on the user’s information and permissions.

[HttpPost]
[Route("AuthorizationServer")]
public string AuthorizationServer([FromBody] object embedQuerString)
{
    var embedClass = Newtonsoft.Json.JsonConvert.DeserializeObject<EmbedClass>(embedQuerString.ToString());

    var embedQuery = embedClass.embedQuerString;
    // User your user-email as embed_user_email
    embedQuery += "&[email protected]"; //Bold BI user email
    //To set embed_server_timestamp to overcome the EmbedCodeValidation failing while different timezone using at client application.
    double timeStamp = (int)DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1)).TotalSeconds;
    embedQuery += "&embed_server_timestamp=" + timeStamp;
    var embedDetailsUrl = "/embed/authorize?" + embedQuery + "&embed_signature=" + GetSignatureUrl(embedQuery);

    using (var client = new HttpClient())
    {
        client.BaseAddress = new Uri(embedClass.dashboardServerApiUrl);
        client.DefaultRequestHeaders.Accept.Clear();

        var result = client.GetAsync(embedClass.dashboardServerApiUrl + embedDetailsUrl).Result;
        string resultContent = result.Content.ReadAsStringAsync().Result;
        return resultContent;
    }
}

grace user dashboard

Anonymous Users

An anonymous user who is not available on our Bold BI Server can embed a dashboard based on group-based authorization using SDK-based embedding.

Note: To learn more about support for anonymous users, please refer to this link.

Custom Attribute

Embed the Bold BI Dashboard Using JavaScript:

In the AuthorizeAPI, pass the anonymous user’s details and custom attribute values using the following query parameters: embed_anonymous_token, embed_authorize_group, and embed_custom_attribute. These parameters ensure that the dashboard renders data filtered based on the user’s information and permissions.

Below is a modified implementation example for row-level filtering using a custom attribute:

[HttpPost]
[Route("AuthorizationServer")]
public string AuthorizationServer([FromBody] object embedQuerString)
{
    var embedClass = Newtonsoft.Json.JsonConvert.DeserializeObject<EmbedClass>(embedQuerString.ToString());

    var embedQuery = embedClass.embedQuerString;
    // User your user-email as embed_user_email
    embedQuery += "&[email protected]"; // Anonymous user email
    embedQuery += "&embed_anonymous_token=true&embed_authorize_group=Accounts_Team&embed_custom_attribute=[{'sales_analysis_db':'gamma_industries_sales_analysis'}]";
    //To set embed_server_timestamp to overcome the EmbedCodeValidation failing while different timezone using at client application.
    double timeStamp = (int)DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1)).TotalSeconds;
    embedQuery += "&embed_server_timestamp=" + timeStamp;
    var embedDetailsUrl = "/embed/authorize?" + embedQuery + "&embed_signature=" + GetSignatureUrl(embedQuery);

    using (var client = new HttpClient())
    {
        client.BaseAddress = new Uri(embedClass.dashboardServerApiUrl);
        client.DefaultRequestHeaders.Accept.Clear();

        var result = client.GetAsync(embedClass.dashboardServerApiUrl + embedDetailsUrl).Result;
        string resultContent = result.Content.ReadAsStringAsync().Result;
        return resultContent;
    }
}

Eric user dashboard

When custom attributes are applied to an embedded Bold BI dashboard, the dashboard is rendered based on the attribute database values provided. This ensures that the displayed data is personalized according to the custom attribute values for anonymous users.

User Filter

Embed the Bold BI Dashboard Using JavaScript:

In the AuthorizeAPI, pass the anonymous user’s details, and user filter values using the following query parameters: embed_anonymous_token, embed_authorize_group, and embed_datasource_filter. These parameters ensure that the dashboard renders data filtered based on the user’s information and group permissions.

Below is a modified implementation example for row-level filtering using a datasource filter:

[HttpPost]
[Route("AuthorizationServer")]
public string AuthorizationServer([FromBody] object embedQuerString)
{
    var embedClass = Newtonsoft.Json.JsonConvert.DeserializeObject<EmbedClass>(embedQuerString.ToString());

    var embedQuery = embedClass.embedQuerString;
    // User your user-email as embed_user_email
    embedQuery += "&[email protected]"; // Anonymous user email
    embedQuery += "&embed_anonymous_token=true&embed_authorize_group=Business_Development_Team&embed_datasource_filter=[{region=IN(South,West)}]";
    //To set embed_server_timestamp to overcome the EmbedCodeValidation failing while different timezone using at client application.
    double timeStamp = (int)DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1)).TotalSeconds;
    embedQuery += "&embed_server_timestamp=" + timeStamp;
    var embedDetailsUrl = "/embed/authorize?" + embedQuery + "&embed_signature=" + GetSignatureUrl(embedQuery);

    using (var client = new HttpClient())
    {
        client.BaseAddress = new Uri(embedClass.dashboardServerApiUrl);
        client.DefaultRequestHeaders.Accept.Clear();

        var result = client.GetAsync(embedClass.dashboardServerApiUrl + embedDetailsUrl).Result;
        string resultContent = result.Content.ReadAsStringAsync().Result;
        return resultContent;
    }
}

Amy user dashboard

When user data source filters are applied to an embedded Bold BI dashboard, the dashboard is rendered according to the user-specific filter provided. This ensures that the displayed data is personalized based on the data access permissions assigned to the anonymous user, according to group permissions.

Sample Application for Row-Level Security Demo

A demo site has been provided to showcase the use of custom attributes with data filtering based on whether the user is a logged-in Bold BI user or an anonymous user. On the login page, you will find a list of user credentials. By logging in with any of these credentials, the dashboard will dynamically render according to the value of the custom attribute and data source filter configured for Bold BI users, and will be dynamically passed for anonymous users at the embedding level.

Contents

Bold BI Users
Custom Attribute
User Filter
Anonymous Users
Custom Attribute
User Filter
Sample Application for Row-Level Security Demo

Contents

Bold BI Users
Custom Attribute
User Filter
Anonymous Users
Custom Attribute
User Filter
Sample Application for Row-Level Security Demo

Please provide additional information

Thank you for your feedback and comments.We will rectify this as soon as possible!