Create Data Permissions for Rolling Time Periods

This article describes how to create data permissions for rolling time periods.

A data permission is an attribute-based data access control, which workspace administrators can use to limit sensitive or irrelevant data displayed to users who are assigned the data permission. For more information, see Data Permissions.

Using data permissions for rolling time periods, you can limit data access for users to a specific time period relative to the present.

For example, your workspace contains data from the previous three years and more is being added continuously. Through user testing, you discover that some users are not using data from previous years at all. Rather than changing the data of the underlying workspace, you can define a data permission to the appropriate date attributes and apply the data permission to limit each user’s ability to see data from the current year only.

Prerequisites

Gather the following information:

  • Workspace ID (see Find the Workspace ID)
  • The URI of all users to whom you want to apply the data permission (see API: List all users in a project)
  • The URI of each attribute of each Date dimension that you want to use in the data permission (to obtain those, you can navigate to the gray page at https://secure.gooddata.com/gdc/md/{product_id}/query/attributes)

Supported Keywords

Data permissions are applied based on individual attribute values. For the rolling time period implementation, the specific attribute values to reference in the date dimension change with each time period. The current year may be 2013 for now, but it will soon change to 2014, so you cannot set the filter definition on a fixed attribute value.

To manage these dynamic values, you can apply one of the following keywords to your data permission expressions:

  • PREVIOUS to filter for the previous value of the Date attribute
  • THIS to filter for the current value of the Date attribute
  • NEXT to filter for the upcoming value of the Date attribute

Apply a Data Permission for Rolling Time Periods

Steps:

  1. Go to the gray page for assigning data permissions:

    https://secure.gooddata.com/gdc/md/{workspace_id}/userfilters
    
  2. In the User field, enter the URI of the user to apply the data permission to.

  3. In the UserFilters field, enter the data permission expression. In the following example, note the use of the THIS keyword to specify the attribute value.

    {
      "userFilter": {
        "content": {
          "expression": "[/gdc/md/{workspace_id}/obj/{attribute_id}]=THIS"
        },
        "meta": {
          "category": "userFilter",
          "title": "This Year Only"
        }
      }
    }
    
  4. Click save. The data permission is applied to the user.

  5. Repeat Steps 1-4 for all the users to whom you want to assign the data permission.

  6. If you are applying rolling time period data permissions to a workspace that already contains reports, review the titles and descriptions of the reports to verify that they are still accurate after the data permissions have been applied.