Skip to main content
User attributes allow you to implement row-level security by filtering data based on user-specific values. This documentation explains how to set up and use user attributes for access control.

Creating User Attributes

  1. Navigate to the Admin section
  2. Go to the Attributes section
  3. Click to create a new attribute
  4. Configure the attribute:
    • Set a name
    • Choose the type
    • Optionally set a default value
    • Optionally set a display name

Setting User Attribute Values

User attributes can be set on a per-user basis:
  1. Navigate to the user’s page
  2. Locate the attributes section
  3. Set the desired attribute value (e.g., setting city to “Los Angeles”)

Implementing Row-Level Access Policy

To filter data based on user attributes, implement an access policy in your views: 
views:
  - name: orders_view
    access_policy:
      - role: "*"  # Applies to all roles
        row_level:
          filters:
            - member: customers_city
              operator: equals
              values: ["{ securityContext.cubeCloud.userAttributes.city }"]

Security Context

The user attributes are available in the security context object: 
{
  "securityContext": {
     "cubeCloud": {
        "userAttributes": {
           "email": "user@example.com",
           "customers_city": "Los Angeles"
        }
        "roles": {}
     }
  }
}

Effect on Queries

When the access policy is implemented, queries will automatically be filtered based on the user’s attributes. This ensures users can only access data that matches their attribute values.
The path to access user attributes (securityContext.cubeCloud.userAttributes) will be simplified in future updates to allow direct access through user attributes.
I