Quick Q on Dynamic User based reports. Say I have an Orders DB with order_email , order_no,order_date etc etc, and share this report/dashboard. How do I make is so that the report is dynamic, and only display the relevant data for the person that is authentication. Example bob@gmail.com has 2 records, but bill@gmail.com has 5 records. This is based upon OIDC. So the report/dashboard needs to understand and access_token , inspect user_info endpoint in OIDC , extract the email , and relate it to the DB table ORDERS, with a filter on order_email

Hi Simon, if I understand correctly, what you are asking for is row-level security. Depending on your needs, this can be achieved on a workspace level with hierarchy of workspaces and workspace data filters: https://www.gooddata.com/docs/cloud/workspaces/workspace-hierarchy/ (here the value to be filtered on needs to exist in every dataset you want to use it in) or for different users within the same workspace by User Data Filters: https://www.gooddata.com/docs/cloud/workspaces/user-data-filters/ (here the filters are propagated across the arrows in the data model) Both approaches can be combined as well (user with user data filter within a workspace with workspace data filter). Both options work based on the user account and its pre-defined permissions.

Hi Michael that sounds about right. But just to check and make sanity. I would we using OIDC with JIT_provisioning, so there are no static users defined locally. These are all from an external IDP like Auth0 using OIDC

I see, in that case, based on https://www.gooddata.com/docs/cloud/manage-organization/set-up-authentication/#just-in-time-jit-user-provisioning the users will be created/updated on the GoodData end by the JIT call. And for the permissions, it will be important to make sure you have User Groups defined in GoodData in advance with their permissions set, and provide the user groups each user should be member of in the

urn.gooddata.scope/user_groups

scope of the JIT call. The user data filters can also be defined for User Groups