Data security

Data security involves filtering the data queried by ThoughtSpot from the data warehouse. It is the next layer of security after access control, which determines if a user can view or edit ThoughtSpot objects.

Data security in ThoughtSpot is divided into row-level and column-level security, of which row-level security is by far the most common.

Row-level security (RLS)

Row-level security (RLS) is the term for filtering the rows of data returned to a user based on that user's set of entitlements.

ThoughtSpot has three mechanisms for row-level security:

The OAuth workflow requires opening a new window or redirecting to the OAuth provider for the initial sign-in workflow, making it less seamless than using a service account and defining data security via ThoughtSpot. It tends to be used for non-embedded ThoughtSpot use cases or for embedded applications for an organization’s internal users with existing individual data warehouse user accounts.

Column-level security (CLS)

CLS restricts user access to specific columns of a table. When CLS is applied, users see only the columns that they are allowed to view. Object owners can configure CLS by sharing a relevant set of columns in a table with a specific user or user group.

For more information on CLS, see Sharing tables and columns.