Embedding Safely


We are working on a Business Intelligence project in our company. We created a dashboard with some analytical visuals. Now we want only each department to see its respective data on the dashboard, that is, for example, Department A, cannot see data from Department B. What is the best way to do this, either by allowing access to Metabase or by embeding the panel in an application?

Thank you.

I embed a dashboard in an IFRAME with C# application to handle the filters. At the moment, a dropdown selects the filters to use, but could easily be changed to do it automatically using the web page’s security.
You lock the filter in the dashboard, then pass the value.

If I understand, well, do you pass the value in the url? But this is hidden right, because otherwise other users can simply change the value of the url filter and see data from other departments. In my case, the goal is to incorporate, using Java

Not in the url (though that is an option). You create a JWT payload that contains the parameter values.

Got it.
Now, how access is individual for each user, simultaneously or not, where do I get user data for example, to pass as a parameter in the payload?

Two choices. In the Enterprise Edition ($$$), you can have row level security.
In the regular edition, you need to have security table that joins to the question, then pass the parameter based upon the user’s login to the web page.

1 Like