Manage row filters

In Data Access, a row filter is a type of access control that hides all rows in a specific table or view from everyone except its beneficiaries. The beneficiaries see only the rows that meet the filter criteria that are defined in the row filter.

You can create a row filter to restrict the visibility of rows in a specific table or view. If you create a row filter, users who already have access on the table or view can no longer see any of its rows, unless you add them as beneficiaries.

Prerequisites

  • You own the table or view whose rows you want to hide.
  • To create a row filter: You have a global role with the Data Access > Create Access Controls global permission, or you own any data object.
  • To edit a row filter: You have a global role with the Data Access > Create Access Controls global permission, or you own the row filter or all of its data objects.

Steps

  1. On the Data Access landing page, in the left pane, click ACCESS CONTROLS > Row filters.
  2. Do one of the following:
    •  To create a row filter: Click Create row filter. On the Create row filter page, enter the information, and then click Create.
    • To edit a row filter: Click the name of the row filter, and then click Edit. Edit the information, and then click Save.

Result

  • You become the owner of the row filter that you created. You can add more owners by clicking Edit icon in the Owners field in the Details sidebar.
  • Data Access automatically triggers a synchronization to push the row filter to the underlying data source. Until the row filter is created or updated in the data source, the Sync status field in the Details sidebar shows Not connected (for a new row filter) or Out of sync (for an edited row filter). After the synchronization finishes, the synchronization status changes to Synced.

Guidance: Defining a row filter

Use this section to guide you when creating or editing a row filter. If the row filter was already created, on the row filter page, click Edit, and then complete the following sections.

General

Specify the basic properties of the row filter in the General section.

Field Description
Name

A unique display name for the row filter, for example, Customer Consent.

Tip The technical name of an access control is used to generate the name of the corresponding access control in the underlying data source. By default, the technical name matches the display name. To specify a different technical name, use the Advanced option. This option applies only to data sources that use named entities to represent access controls. If you change the name in the Name field after generating a technical name, the corresponding access control in the underlying data source is renamed during the next synchronization.
Description

A brief explanation of the row filter's purpose, for example, Hides customer records lacking active consent.

Filtered table

Specify the table or view whose rows you want to hide in the Filtered table section.

  1. In the Which table is filtered section, click Add.
  2. In the Where does this row filter apply dialog box, select the data source for the row filter, and then click Continue. Note that you cannot change the data source later. This step is applicable only when you create a row filter (not when you edit a row filter).
  3. In the Select the table you want to filter dialog box, select the table or view that contains the rows that you want to hide, and then click Add. You can add only one table or view to a row filter. Note that adding another table or view replaces your current selection.
Tip 
  • Remember to save your changes.
  • You can view all the identities that are explicitly assigned to the row filter, as well as those that are inherited from groups and any linked roles, by clicking Show all beneficiaries in the Filter rules section.
  • The row filter hides all the rows in the table or view from everyone, as indicated by the default filter rule All with filter criterion All Rows. If, however, you want specific identities to be able to see either all or some rows, complete the Filter rules section.

Guidance: Defining a filter rule

Use this section to guide you when creating or editing a filter rule in a row filter. You can define a filter rule only after you create the row filter.

To create or edit a filter rule, on the row filter page, in the Filter rules section, click Add (to create) or Edit icon next to the filter rule (to edit), and then complete the following sections.

General

In the General section, specify the basic properties of the filter rule.

Field Description
Name

A unique display name for the filter rule, for example, Active Marketing Consent.

Description

A brief explanation of the filter rule's purpose, for example, Shows customer records having active marketing consent.

Filter criteria

In the Filter criteria > Which rows can be accessed section, specify the criteria that determine which rows to show to the beneficiaries. Rows that meet the filter criteria are called filtered rows.

Field Description
Column

The column that you want to evaluate to determine if a row is shown to the beneficiaries, for example, a Marketing Consent column.

Operator

The operator that defines the condition between the column and the target value.

Value

The value that the column data must match for the row to be shown to the beneficiaries, for example, Active.

For security reasons, Data Access does not import actual column values from your data sources. Due to this, you need to manually enter the exact value into this field (as it appears in your underlying table or view).

Tip 
  • You can combine multiple conditions by using AND or OR logic to build more precise filter criteria.
  • You can also use the Code tab to build filter criteria. Note that if you switch to the Code tab, your work on the Build tab is lost, and if you switch to the Build tab, your work on the Code tab is lost.

Beneficiaries

In the Beneficiaries section, specify the identities who can see the rows that meet the filter criteria. You can also specify groups and other roles.

  1. In the Who has access to the filtered rows section, click Add.
  2. In the Which type of beneficiary do you want to add dialog box, select one of the following options, and then click Continue.
    OptionDescription
    Identities

    Shows only filtered rows to the identities that you specify, if they have access on the table or view containing the rows.

    Groups

    Shows only filtered rows to the identities within the groups that you specify, if they have access on the table or view containing the rows.

    Dynamic rule

    Shows only filtered rows to the identities that meet the conditions that you specify, if they have access on the table or view containing the rows.

    Roles

    Shows only filtered rows to the beneficiaries of the roles that you specify, if they have access on the table or view containing the rows, but only through the specified roles. That is, if the same beneficiaries have access on the table or view through any other role, they see zero rows.

  3. If you selected Identities, Groups, or Roles, select one or more identities, groups, or roles, and then click Add.
  4. If you selected Dynamic rule, in the Which conditions should apply dialog box, enter the required information, and then click Add.
  5. To change the expiration date (which indicates when access is revoked) for the beneficiaries:
    1. In the Expires at column, double-click the current value.
    2. In the Edit expires at dialog box, select the new expiration date, and then click Apply.
Tip 
  • Remember to save your changes.
  • You can view all the identities that are explicitly assigned to the filter rule, as well as those that are inherited from groups and any linked roles, by clicking Show all in the Beneficiaries section.

Related topics