cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Warehousing & Analytics
Engage in discussions on data warehousing, analytics, and BI solutions within the Databricks Community. Share insights, tips, and best practices for leveraging data for informed decision-making.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RLS

Leif
New Contributor

Thursday

Hi,

I have created a function that I have applied as a row filter function to multiple tables.

The function takes one input parameter (a column value from the table). It then uses session_user() to look up a user in our users table. If the user is found, we look at the users access rights which is specified in the users table. That value is compared to the input parameter to return true or false if the user can see or not see this row.

This does not work now, but I am certain that I had it working before. Why does it not work? This is the function:

EXISTS (
   SELECT 1
   FROM {table} AS users
   WHERE user_name = session_user()
      AND (
         users.{id col} = {param}
         OR users.{id col} IS NULL
         OR users.{id col} = ''
      )
)

thanks in adavance!

0 Kudos
2 REPLIES 2

emma_s
Databricks Employee
Databricks Employee

Thursday

Hi, It's difficult for me to troubleshoot without seeing the actual data. Have you validated that the raw data hasn't changed? There could be some update at your end to the format of session.user and it not matching your table. Is there any error message? If I understand correctly what you're trying to do, then a better way maybe using ABAC and adding users to groups rather than the tabular approach.https://docs.databricks.com/aws/en/data-governance/unity-catalog/abac/

0 Kudos

Leif
New Contributor

yesterday

Hi,

Thanks for the reply! Yeah, no the raw data has not changed at all. My thought is, can the row filter function handle reading from another table than the raw data table? I mean, I do a read in the users table to find a value, and want to compare that value to the value from a column in the raw data table. Is that supported? I konw I had this working before so perhaps Databricks changed some rule or something?
I will take a look at that ABAC you suggested. That is setting up policies, right? I tried that, and created a new Tag on a column in my table, but that Tag was then not available to select in the policy, so there was no way I could run the policy to get the parameter for my function that way.

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements