-
Notifications
You must be signed in to change notification settings - Fork 1.8k
/
Copy pathusers.yaml
54 lines (49 loc) · 1.53 KB
/
users.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
cubes:
- name: users
sql_table: users
measures:
- name: count
sql: id
type: count
dimensions:
- name: city
sql: city
type: string
- name: id
sql: id
type: number
primary_key: true
access_policy:
- role: "*"
row_level:
filters:
- member: "{CUBE}.city"
operator: equals
values: ["{ security_context.auth.userAttributes.city }"]
- role: admin
conditions:
# This thing will fail if there's no auth info in the context
# Unfortunately, as of now, there's no way to write more complex expressions
# that would allow us to check for the existence of the auth object
- if: "{ security_context.auth.userAttributes.canHaveAdmin }"
row_level:
filters:
- or:
- and:
- member: "{CUBE}.city"
operator: notStartsWith
values:
- London
- "{ security_context.auth.userAttributes.city }"
# mixing string, dynamic values, integers and bools should not
# cause any compilation issues
- 4
- true
- member: "city"
operator: notEquals
values:
- 'San Francisco'
- member: "{CUBE}.city"
operator: equals
values:
- "New York"