Table-level data security

tseamans

I am trying to find a way to wall off data sets from Editor and Priveleged users who can create cards.  For instance, I don't want all non-participant users accessing our HR data if they have access to a single card that points to the data set and then have them build a card off that dataset.  (I realize that PDP might work in this case...)

 

Additionally there are users in editor roles that shouldn't ever see this data in the system, but my worry is that they will be able to search and use this data in a card to then review.  Is this possible and how do i restrict a table from view for this group.  (example, I don't want engineering seeing HR data at all)

 

 

AS

You'll want to use PDP for sure.  It's very thorough and pervasive.  More so than publication groups.

To start all you have to do is just turn it on for each dataset.  By default only admins and dataset owners can see the data.  Editors and Privileged users will retain their rights, but they can't see your HR data until an admin or owner of the dataset gives them that access.  With PDP, it will stay that way in purpituity and everywhere, even if someone shares a card with them or they have access via pages with cards built on the data.  But PDP doesn't follow through on dataflows, so any outputs would need PDP as well.