ABAC JWT migration guide
26.3.0.cl
Cloud (Latest)
26.2.0.cl
Cloud
10.15.0.cl
Cloud
10.14.0.cl
Cloud
10.10.0.sw
Software (Latest)
10.1.0.sw
Software

ABAC JWT migration guide

Administrators can migrate their existing implementation of ABAC with JSON Web Token (JWT) to the new ABAC via RLS model, where:

  • Row-level security (RLS) rules are defined in ThoughtSpot on tables and data models

  • JWTs only provide values for variables used in those RLS rules, instead of sending full filter rules.

Supported migration paths🔗

Important notes and considerations🔗

Review the information in the following sections before getting started with the migration.

ABAC feature support🔗

The legacy JWT ABAC implementation methods will be deprecated and removed in a future version. The legacy methods will not receive new enhancements or workflow improvements. Therefore, we recommend migrating your existing deployments to ABAC via RLS and testing the rollout before the legacy implementation options are removed from ThoughtSpot.

Persistence behavior🔗

ABAC via RLS does not support session-based ABAC rules ("persist_option": "NONE"). If your implementation currently relies on session-based rules:

  • Create dedicated user accounts for your application users. You can use REST APIs to automate user creation, update, or deletion.

  • Apply persisted security rules to those users.

  • Use cookieless authentication with these persisted users.

This approach addresses all use cases that previously relied on session-based JWT and ensures Liveboard schedule attachments enforce security rules and deliver only secured output to your end users.

Table joins🔗

The filters in JWT ABAC Beta implementation respect MODEL JOINS. However, RLS by default is an INNER join. If you want to adjust behavior for your implementation, contact ThoughtSpot Support.

Next steps🔗

Choose the migration path that best suits your current implementation and complete the migration steps. Refer to the following guides for migration and rollout instructions:

Additional resources🔗

© 2026 ThoughtSpot Inc. All Rights Reserved.