Apply RLS to your database
Target Audience: Developers & Non-technical users
Goal
Establish a secure mapping between dynamic user attributes and dataset fields to filter data at query time.
Prerequisites
A connected database containing columns suitable for filtering (e.g., region, team_id, department).
An existing dashboard or chart to validate the filtering logic.
A valid API key to generate test tokens in the sandbox.
Steps
1. Verify dataset compatibility
Navigate to the Databases tab and select the target Database and Table.
Click Preview to confirm the presence of the column intended for filtering (e.g., a location column containing values like "Paris" or "Tokyo").
2. Define custom token attributes
Navigate to the Settings tab and select the Embed & access section.
Locate the Token Attributes menu under Custom Attributes.
Click Add an attribute.
Input a factual name (e.g., location) and select the data type (e.g., String).
Click Save changes to register the attribute for use in authentication tokens.

3. Map attributes to database columns
Return to the Databases section and select your Database and Table.
Click the Access rules tab to configure security policies.
Under the section "Then, for a row to be included...", use the rule builder to define your filter.
In the Select dataset field dropdown, choose the column in your database you want to filter (e.g., location_name).
Ensure the operator is set to must be equal to.
In the Select token attribute dropdown, select the custom attribute created in Step 2 (e.g., location).

4. Enable and save RLS
Click Save to activate the security policy.
Verify that the RLS enabled blue tag appears next to the table name.
You may repeat this mapping for additional tables that require the same security logic.
5. Validate the RLS policy
Within the table view, click Preview with Token in the top right corner.
Enter a test value for your custom attribute (e.g., Paris) and click Generate Preview.
Confirm that the displayed data rows are strictly limited to the value provided.

6. Generate a test token and embed
Navigate to Settings > Embed & access and scroll to the Token Generation Sandbox.
Enter your API Key and assign a value to your custom attribute (e.g., location=Paris).
Click Generate Token.
Use this token in your embedded component (e.g., <tc-dashboard auth-token="YOUR_TOKEN">) to confirm the filtered view in your host application.
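The rule from Step 3 and the validation from Step 5 can be modelled offline to see which rows an equality rule admits. This is an added example, not the product's code: the function names and sample rows are constructed. It assumes "must be equal to" is an exact string comparison and that a token without the attribute matches no rows.

```python
"""Model of the Step 3 access rule and the Step 5 check (illustrative only)."""

# Constructed sample rows standing in for the table previewed in Step 1.
ROWS = [
    {"id": 1, "location_name": "Paris", "revenue": 1200},
    {"id": 2, "location_name": "Tokyo", "revenue": 900},
    {"id": 3, "location_name": "paris", "revenue": 300},   # different case
    {"id": 4, "location_name": "Paris ", "revenue": 450},  # trailing space
    {"id": 5, "location_name": None, "revenue": 70},       # missing value
]

# The rule built in Step 3: dataset field "must be equal to" token attribute.
RULE = {"field": "location_name", "attribute": "location"}


def apply_rule(rows, rule, token_attrs):
    """Return the rows whose field equals the token attribute exactly.

    Assumption of this model: a token with no value for the attribute
    matches nothing (deny by default) instead of returning every row.
    """
    value = token_attrs.get(rule["attribute"])
    if value is None or value == "":
        return []
    return [r for r in rows if r.get(rule["field"]) == value]


def find_leaks(visible_rows, rule, token_attrs):
    """Step 5 check: rows displayed that do not match the token's value."""
    value = token_attrs.get(rule["attribute"])
    return [r for r in visible_rows if r.get(rule["field"]) != value]


def near_misses(rows, rule, token_attrs):
    """Rows excluded only because of case or surrounding whitespace."""
    value = token_attrs.get(rule["attribute"]) or ""
    norm = value.strip().casefold()
    return [
        r for r in rows
        if isinstance(r.get(rule["field"]), str)
        and r[rule["field"]] != value
        and r[rule["field"]].strip().casefold() == norm
    ]
```

Rows reported by near_misses point to inconsistent values in the filtered column: under an exact-match rule they are hidden from the user they appear to belong to.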
Conclusion
The database now enforces Row-Level Security based on the identity context passed via authentication tokens. This ensures data isolation in multi-tenant environments without the need for multiple dashboards.
