Hi, I am having issues on the user filter brick. It does work partially. Let’s imagine I want to filter my users access to only some “accounts”. My current implementation of this brick allows me to do this part without any issue. If I have the account ids that can be of values [1, 2 , 3 , 4 ,5], if I run my user filter brick with 2 rows inside my table with one time “account_id” being 1, and second row being “2”, I will have a filter that effectively filter my access to only the accounts 1 and 2. But then the issue is, if I want to then add the account 3 to my user, it will not add it because if it failing and telling me inside the brick that the “account_id” 3 is a missing value that does not exists. So my user will just have the access the the accounts 1 and 2. Not 1, 2 and 3 like I desire. I have to delete the permissions in order to run the brick again to make it work and limit my access to 1, 2 and 3. Another issue related to this one is, if I had filtered down my userA to the account 1 and 2, I can’t add a new row of userB filtered to the account 3 for example. It is like having an array of existing possibilities being [1, 2 , 3 , 4 ,5] at first, then once a filter brick is run, it will create a new array of possibilities being only the one use on the first run : [1,2]. And so it is failing every time I want to create a new permission on a value not existing in the second array. Here are my current params used.

Hi Julio, thank you for the detailed description. Could you tell me a little more about the actual steps you take to perform the change in the filters? Do you add another row to the table on the Input file, containing your user and id [3]? Also, you mentioned that you get an error message. Would you share the exact error message you are getting, please? Would you kindly also share with me the contents of the

input_source

and

filters_config

parameters in the brick? In fact, if there are any parameters that are not in the screenshot, please include them, too. You can send this as a Direct Message, as it may contain sensitive data. Thank you!

@Francisco Antunes im still having the same issue after removing the Distinct in my query. Here’s what i did for testing: accountId available in workspace = [1000, 1001, 1002, 1003] 1. table filter is empty 2. i add a row with (login = exemple@gmail.com, account_id=1000 , client_id=workspace_1) 3. i added an other row (login = exemple@gmail.com, account_id=1003 , client_id=workspace_1) 4. i run the user filter brick 5. My user exemple@gmail.com now has only access to the account with the id 1000 and 1003 6. i go back to my table and add a new row(login = exemple@gmail.com, account_id=1002 , client_id=workspace_1) 7. i run the user filter brick 8. At this moment i would get the error that would say that the Space Id with value 1002 doesn’t exist

Hello @Julio Guercioni, the main issue here is that you are using the User Filter Brick to provision users to the workspaces. Note that this brick is for managing user access to the data in a workspace (not the access to the workspace itself) based on data filters. You will need to click the “Redeploy” button so you can switch it to the correct brick (I have attached a screenshot showing its metadata details). Make sure to configure the new brick with the correct parameters as shown in the documention and recheck your setup to avoid any accidental data leakage. Details about the user brick can be found in our documentation here: https://help.gooddata.com/doc/enterprise/en/workspace-and-user-administration/managing-workspaces-via-life-cycle-management/bricks/users-brick/.

Hello @Moises Morales. I am also working on that project with Julio. We currently have a user brick that add our users to the domain and their respecting workspaces. It works fine without any issue since a few months. I've tried to configure this user filter brick because I need it in order to put some restrictions (filters) on my users inside a single workspace. My workspace is basically a group of accounts. All my data is linked to the notion of "account_id". Every column is filterable by this notion. So my goal was to use the user filter brick to limit the access on some users to see only the data of the accounts they are allowed to. Like Julio said, for example if I have a workspace that has data from the accounts 1, 2, 3, 4 and 5 and that I want a user to have access to only a subset, it works. I can limit my existing user already in the workspace to not see all the accounts mentionned but the ones that I put a filter on. Like julio said, I'll have something like in my database:

account_id   login  workspace_id
1   <mailto:example@test.com|example@test.com>  workspace_1
2   <mailto:example@test.com|example@test.com>  workspace_1

It will put my user with this login "example@text.com" to only have access to data from the accounts 1 and 2 in the workspace_1. This part works perfectly. The issue is if I want to ADD for example an other permission after this like:

3   <mailto:example@test.com|example@test.com>  workspace_1

then you would think that my user will gain some access, to be allowed to see the data from the account 3 with the account 1 and 2 and he already has access, but no, it will not grant him anything more. On the opposite, if I were to remove one row of access, for example for the account 2, it will update my user permission and he will only see the account 1 from now on.