Column level security

Column Level Security allows admins to control the granularity of shared data across dashboards.

Note: Column Level Security applies only to Dashboard and Visualizer views. We recommend preventing secured users from accessing Designer. Data is hidden based on the security setting and what information the user has access to through their Custom Subject Area (CSA).

Column Level Security has the following three security levels:

Display all columns in a report: This is the default. It displays all columns in a report even if the user does not have the column in their CSA.
Hide only secure columns in a report: This setting hides any columns in a report the user does not have access to in their CSA. The user only sees the columns they have access to through their CSA.
Note: This setting only applies to Dashboards and Visualizer. When attempting to access reports containing secure columns through Designer, the report does not open.
Hide entire report containing secure columns: If a report contains any columns that are not listed in a user's CSA, the entire report is hidden from the user.

If Hide only secure columns in a report is enabled for a space, the following security settings are enforced:

If then dashlet can still render after removing secured columns for a given user, Birst displays the report with only columns the user has access to.
If a secured column is used to sort a report, it is removed from the query run to return results for a user that does not have access to the column. This could lead to a different result set being returned for secured users when compared to the result set obtained by non-secured users.
Users cannot open reports in Designer that contain columns they do not have access to.
SavedExpressions is secured if at least one of the objects contained in its expression definition is secured.
In some scenarios, this message displays: This chart cannot be visualized as its definition requires columns that are not accessible in the current security settings. This can happen when:
- The dashlet is being filtered with at least one secured column.
- The dashlet can no longer be rendered with only the columns the user has access to.
Column selectors can be used as fallback columns in place of secured columns in a report. If a secured column has column selectors enabled with columns the user has access to, Birst supplies a selected column in place of the secured column.

For example, a user who has access to the columns for Customer, No. of Orders, and Total Sales would see all three in a report.

Full report

A user who does not have access to the Total Sales column would only see the Customer and No. of Orders columns in the report.

Limited access report view

A user who does not have access to the necessary columns would see this message: This chart cannot be visualized as its definition requires columns that are not accessible in the current security settings.