Markings and roles provide powerful access controls, but some situations require more granular permissioning. For example, it may be insufficient or inappropriate to grant access to all objects of a certain type; some object types may need to surface different objects to different users, as when a company limits its sales representatives to viewing customers at their assigned branch. Restricted Views can provide this additional level of access control.
Users interact with Restricted View resources in Foundry, and Restricted Views are powered by Granular Permissions. Restricted Views limit dataset access to only the rows that a user has permission to see. A Restricted View is built on top of a backing dataset and cannot be used as an input for transforms. The policy for a Restricted View determines the specific rows a user can see and is typically defined by a user with the Owner role upon creation of the Restricted View. After creation, the Restricted View can be used as the backing data source for an object type in your Ontology. For example, if one row in the Restricted View is represented by one object in the Ontology, the Restricted View would control what objects users can see based on the object type the Restricted View is backing.
The policy is the core of a Restricted View. A Restricted View policy is a set of rules and/or logical operators that compare different user attributes, columns, and/or values to determine which rows the user can see. Restricted View policies are flexible and can support a range of comparisons and terms such as:
Most, if not all, policies will involve at least one term that is compared with a user attribute. At least one such term is necessary for user-based permissioning.
When referencing a user, group, or Organization, the policy requires the unique identifier (UUID) in both the policy column and the policy definition. Specifying names instead of IDs is not supported to prevent renaming-related issues.
Below is a list of supported user attributes in Restricted View policies:
ri.multipass..organization.
Assume that you want to build out an object type that surfaces different objects to different users. The first step is to design your Restricted View policy. Consider the following questions:
In the example below, the Restricted View policy includes two rules that can be applied:
We recommend the following guidelines when designing a Restricted View:
After you’ve determined the design of your Restricted View policy, make any pipeline and Project changes needed to power it. With a Restricted View policy and pipeline in place, you can move on to creating your Restricted View.
Users with an Owner role or the necessary permissions can create Restricted Views downstream of a dataset with a right-click contextual action:
The Restricted View creation dialog has the following steps:
Name your Restricted View and select a save location. Typically, you will want to save your Restricted View in a different Project to the input dataset so that users consuming the Restricted View can all have View permissions on the downstream Project. Alternatively, you can save the Restricted View in the same Project as the input dataset and utilize Markings to protect the input dataset.
You can create rule-based policies using user attributes, column names, and specific values. See Restricted View policies for more information.
Users that should only access sensitive data through a Restricted View should not have access to the upstream dataset. In this step, you can review the access requirements for both the dataset and the Restricted View you are creating. If you have appropriate Marking permissions, you can remove inherited Markings from the Restricted View and/or apply Markings to the upstream dataset.
The Summary presents the final proposed access controls for both the dataset and the Restricted View. If you are satisfied with the Summary result, click Create to start an initial build of the Restricted View.
When the Restricted View is created, a build schedule will be automatically created in the background that will rebuild anytime the input dataset updates.
Review the management documentation on how to use Restricted Views to back object types.
You can create a Restricted View based off of a dataset with a column of Markings. Each row will only be visible to users with the necessary Marking access. For example, in the Restricted View below, a user needs both A1 and A2 to view the first row, and needs B1 to view the second row.
Data | Markings |
---|---|
Row 1 | [A1, A2] |
Row 2 | [B1] |
Follow these steps to create a Marking-backed Restricted View:
The dataset from which a Restricted View is created must contain a column of Marking IDs.
For example, the following dataset contains a single security Marking per row:
Data | Markings |
---|---|
Row 1 | zy345123-6789-1234-5678-123451234567 |
Row 2 | st999999-8888-7777-6666-555555555555 |
As another example, this dataset contains lists of Markings. The sample CSV below can be uploaded directly to Foundry, though you will need to manually modify the inferred schema by going to Details > Schema and changing "type": "STRING" to "type": "ARRAY, "arraySubtype": { "type": "STRING" }.
Data | Markings |
---|---|
Row 1 | [ab888888-7777-6666-5555-123456789012, gh111111-2222-3333-4444-555566667777] |
Row 2 | [cd345678-1111-2222-3333-123456789102, jk765432-1111-2222-3333-345678912345] |
Inclusion of Restricted Views in Marketplace products is in beta.
Use Foundry DevOps to include your Restricted Views in Marketplace products for other users to install and reuse. Learn how to create your first product.
Only string
and boolean
constants are supported. Constants can only be compared to fields (columns) or "the user’s groups" user property. Marketplace currently does not support multiple field-constant comparison conditions using the same field.
To add a Restricted View to a product, first create a product and then select the Restricted view content type as below.
Adding a Restricted View to a product packages the Restricted View's policy, not the data.