User Attributes can be used to provide a customized experience for your Sigma teams and embedded users. They can be assigned as a function in a dataset to provide row-level security.

Summary of Content

Requirements
Create User Attributes
Assign User Attributes
Edit or Delete Attributes & Teams
   Attributes
   Teams
Row-Security with User Attributes
Custom SQL
Related Resources

Requirements

  • You must be an organization Admin to configure User Attributes. Learn more about account types.
  • Users with Can Edit or Can Explore access to a workbook or dataset can reference existing user attributes in functions.

Create User Attributes

Follow the steps below to create a User Attribute

  1. In your Sigma Admin portal, go to User Attributes and click Create Attribute
  2. In the New Attribute section, enter a unique name in the Name field.
  3. In the Description field, describe the attribute. Optional
  4. In the Default Value field, enter a default value. Sigma will use the value defined here if no value is set for a team. Optional
  5. Click Create.

    company apps

After you click Create, the attribute appears under User Attributes.

company apps

Assign User Attributes

Follow the steps below to assign a team to a User Attribute. 

  1. In the Teams Assigned section, click Assign Attribute to assign teams to this attribute.
    assign.png

  2. In the search bar, search for teams to assign this attribute to, or click in the search bar to view a list of your organization's teams. Learn more about Teams.
  3. Add a value in the Assigned Value field. 
    In the example below, West was added.

    company apps
  4. Click Assign. Your teams are now listed under Teams Assigned
  5. To reorder the priority of teams, in the Teams Assigned section, place your cursor over the drag handle thingy.png under the Priority column, and drag and drop the team to the desired priority.    

    Note: Teams are prioritized based on their order in the list. The team at the top of the list is used first. 

    company apps

Edit or Delete Attributes & Teams

Attributes

To edit or delete an attribute click on an existing attribute.  On the right, you can click Edit to edit the attribute, or click Delete Attribute to delete it. 

In this example, we chose Region Attribute.

edit_att.png

Teams

To edit or unassign a team, click on the 3 dots to the right.  Click Edit Value to change the attribute and Unassign to dissociate the team from this attribute.
 
edit_team.png

Row-Security with User Attributes

Once you create and assign a user attribute to teams, you can use this functionality in a dataset to enforce row-level security using the function CurrentUserAttributeText in a formula.  

CurrentUserAttributeText(“attributeName”) = [column]

Example: this example uses the configuration above. An admin adds a column named [Region] into a table, creates a user attribute called Region Attribute, and assigns the attribute to a team containing the users listed below. A value is added for each team in the Assigned Value field. 

In the example configuration above, there are two different teams assigned to the same attribute. A different value for the region attribute is assigned to each team:

  • Sales US-West is assigned the value West
  • abc is assigned the value Midwest

Once you create a calculated column in the dataset as follows and add a filter on this column with only True selected, team members will only see the rows that correspond to their value in the Region column.

In our example, Sales US-West can see rows with West value in the Region column because we defined Assigned Value as West.

CurrentUserAttributeText(“Region Attribute”) = [Region]

The value entered in Assigned Value for a team limits what they see based on that value. 

In our example, the rows that members of team Sales US-West can view are limited to the rows with the value West in the Region column. If the value in the Region column is Midwest, then members of Sales US-West can't see these rows. 

Custom SQL

Once you successfully configure User Attributes, you can use them in a Custom SQL dataset to provide security. For instance, assume that data for each customer is present in a separate schema. You can leverage Custom SQL to switch the schema based on the user.

Note: To use Custom SQL in the manner described above, the tables must have the same schema. 

Create a Custom SQL Query 

We will use a Custom SQL dataset to demonstrate the example above.  In a dataset using the formula below, Sigma will switch the schema based on the value assigned to the “schema_name” user attribute.

select * from test.{{#raw system::CurrentUserAttributeText::schema_name}}.orders

In the query above, note the following function. 

The line below from our example formula, retrieves the schema_name attribute value for the current user.

#raw- Removes quotations from the value and allows you to insert raw text. 

test.{{#raw system::CurrentUserAttributeText::schema_name}}

This syntax can be used anywhere in the SQL statement for any user attribute e.g. it can be used to switch the database name, table name, in the select clause or where clause.

Related Resources

Workbook Row-level Security
Dataset-Row Level Security