Apply RLS to your database

Objective

In this tutorial, you will learn how to apply Row Level Security (RLS) to your database in Toucan AI. This will ensure that users see only the relevant data based on their attributes, such as location, department, or role.

Prerequisites

• A connected database with data containing columns you can apply security to (e.g., location, department).

• A valid token with custom attributes (we will see how to add attributes to tken here)

• A dashboard already created that you want to apply RLS to.

Steps

1. Ensure Your Database Has the Required Columns

• Navigate to the Database section in Toucan AI by clicking on the Database tab.

• Select the database, then the Table you want to apply RLS to.

• Click on Preview to inspect the data. Make sure your database contains a column that you can use for filtering data, such as a location column.

  • For example, your column might contain values like Tokyo, Paris, or Berlin.

2. Create a Custom Attribute for RLS

• Go to the Settings tab in Toucan AI.

• In the Embed section, scroll down to find the Token Attributes menu under Custom Attributes.

• Click on Add an Attribute.

• Name the attribute (e.g., location) and set its type as String. This will allow you to filter data based on the location.

• Click Save to add the custom attribute.

3. Map the Custom Attribute to Your Database Column

• Return to the Database section and select the Table you are working with.

• Click on the RLS (Row Level Security) menu.

• In the RLS settings, you will see a mapping field. This field allows you to map your custom attribute (e.g., location) to a specific column in your database.

  • In the "Select Token Attributes" dropdown, select your custom attribute (e.g., location).

  • In the "Select Dataset Field" dropdown, choose the column in your database that corresponds to the custom attribute (e.g., location_name).

4. Save the Mapping

• After setting the mapping, click on the Save button. This will apply RLS to your database, ensuring that only users with matching attributes (e.g., location = Paris) can access the corresponding data. The blue tag "RLS enabled" will be displayed next to the table name.

• You can apply this RLS on the other tables if needed.

5. Preview the Data with RLS Applied

• You can preview the data with the RLS applied by clicking on Preview with Token.

• Enter a value for the custom attribute (e.g., Paris) and click Generate Preview.

• The preview will display data filtered by the value you entered (in this case, only data from Paris).

6. Generate a Token with the Custom Attribute

• To test the RLS in action, you will need to generate a token with the custom attribute applied. Follow the steps from the Generate a Sandbox Token .

  • Go to the Settings > Embed tab.

  • In the Token Generation Sandbox section, enter your API Key and select the value for your custom attribute (e.g., location = Paris).

  • Click Generate Token.

7. Embed the Dashboard with RLS

• Once the token is generated, use it to embed your dashboard as shown in the tutorial "Embed a Dashboard".

• The embedded dashboard will now show only the data corresponding to the custom attribute in the token (e.g., data from Paris only).

Conclusion

Congratulations! You have successfully applied Row Level Security (RLS) to your database in Toucan AI. This ensures that only relevant data is displayed to users based on their attributes, enhancing the security and relevance of the information they can access.