Docs: Update security policy docs with usergroup and wildcard examples #5210
Conversation
There was a problem hiding this comment.
Made a 2nd commit with the proposed cleanup and adding an example for showing access, which should be the most common use case for groups with security policies. @begelundmuller Could you validate quickly and then I'll approve?
docs/docs/manage/security.md
Outdated
| @@ -40,8 +40,7 @@ When developing access policies, you can leverage a fixed set of user attributes | |||
| - `.user.domain` – the domain of the current user's email address, for example `example.com` (string) | |||
| - `.user.name` - the current user's name, for example `John Doe` (string) | |||
| - `.user.admin` – a boolean value indicating whether the current user is an org or project admin, for example `true` (bool) | |||
| <!-- PENDING SUPPORT FOR USER-DEFINED USERGROUPS --> | |||
| <!-- - `.user.groups` - a list of usergroups the user belongs to in the project's org. Custom usergroups are not currently supported, so this will always be `["all"]`. --> | |||
| - `.user.groups` - a list of usergroups the user belongs to in the project's org (list of strings) | |||
There was a problem hiding this comment.
Could we change this to "user groups". I would probably give an example as well:
.user.groups - a list of user groups the user belongs to in the project's org (list of strings), e.g. ["marketing", "sales", "finance"]
docs/docs/manage/security.md
Outdated
| <!-- | ||
| ### Use wildcards to select all dimensions and measures | ||
|
|
||
| When building field include policies, you can easily select all fields using `names: '*'`. For example: |
There was a problem hiding this comment.
I would change this to "When defining inclusion or exclusion policies, you can easily automatically select all columns by using names: '*" as a wildcard. For example:"
docs/docs/manage/security.md
Outdated
| names: '*' | ||
| ``` | ||
|
|
||
| Note that the `'*'` must be quoted (using single or double quotes), and must be provided as a scalar value, not as an entry in a list. |
There was a problem hiding this comment.
Probably bold: must be provided as a scalar value
docs/docs/manage/security.md
Outdated
| ### Filter queries based on the user's groups | ||
|
|
||
| Let's say additionally we want to filter queries based on user's groups and there exist a `group` dimension in the model: | ||
| You can inject the groups that a user belongs to into row filter: |
There was a problem hiding this comment.
I would probably change this to: "You can directly inject the groups that a user belongs to into the row filter itself, such as:"
No description provided.