> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cube.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Row-level security

> Covers applying group- and attribute-based filters so query results only include rows users are allowed to see.

The data model serves as a facade of your data. With row-level security,
you can define whether some [data model][ref-data-modeling-concepts] facts are exposed
to end users and can be queried via [APIs & integrations][ref-apis].

Row-level security in Cube is similar to row-level security in SQL databases.
Defining whether users have access to specific facts from [cubes][ref-cubes] and
[views][ref-views] is similar to defining access to rows in database tables.

**By default, all rows are *public*,** meaning that no filtering is applied to
data model facts when they are accessed by any users.

## Managing row-level access

You can use [access policies][ref-dap] to manage both [member-level][ref-mls]
and row-level security based on groups and [user attributes][ref-security-context].

Here's an example of how to filter rows by a user attribute using access policies:

<CodeGroup>
  ```yaml title="YAML" theme={"dark"}
  cubes:
    - name: orders
      # ...

      access_policy:
        - group: manager
          row_level:
            filters:
              - member: country
                operator: equals
                values: [ "{ userAttributes.country }" ]
  ```

  ```javascript title="JavaScript" theme={"dark"}
  cube(`orders`, {
    // ...

    access_policy: [
      {
        group: `manager`,
        row_level: {
          filters: [
            {
              member: `country`,
              operator: `equals`,
              values: [ userAttributes.country ]
            }
          ]
        }
      }
    ]
  })
  ```
</CodeGroup>

[ref-data-modeling-concepts]: /docs/data-modeling/concepts

[ref-apis]: /reference

[ref-cubes]: /docs/data-modeling/cubes

[ref-views]: /docs/data-modeling/views

[ref-cubes-sql]: /reference/data-modeling/cube#sql

[ref-dynamic-data-modeling]: /docs/data-modeling/dynamic

[ref-dap]: /docs/data-modeling/data-access-policies

[ref-mls]: /docs/data-modeling/access-control/member-level-security

[ref-security-context]: /docs/data-modeling/access-control/context