Overview
Row Level Security (RLS) is a way within Cosmos to define security on the underlying data for a particular user. For example, you can restrict the data so that if a specific person runs a report they will only see data where the Department Code is Finance or where the Salesperson Code matches their salesperson code. This enables you to ensure that access to certain data is restricted to only the users that should be able to see it.
Details
To configure Row Level Security for a user you will need to have the Data Model Editor role assigned to you, since the security is tied directly to the data model.
After logging in to the Cosmos Portal, navigate to the Row Level Security section on the far left. You will see a list of all users that have access to the Cosmos environment that you are in:
To set security for a particular user, click the pencil icon to the right of their name to edit their security permissions. The Edit Row Level Security window will then open.
To configure security for a user, you will pick the table and field to apply the security to and then enter the value that they should be allowed to see for that field. If the user needs to be able to see data for multiple values for the same field (such as Salesperson Code = AB and Salesperson Code = CD) then you will click the Add Filter button. This will add a new row so you can continue adding more tables, fields, and values for the user.
Configuring the example mentioned above will look like this:
You can also configure security for multiple tables by selecting the new table and field, entering the value for that table, and clicking Add Filter.
Once you are done, click Save to save the changes.
If security hasn't been defined for a particular table then it is assumed that the user should have access to everything in that table. This is intended to keep the security setup light and easy, as you only need to worry about restricting data to tables where the user should only see certain values.
If you don't want a user to have access to any data in a table then you can select the table, pick a field in the table such as Company, and enter a value for which there is no data, e.g. Company = X. Assuming there isn't a company named "X" in your BC environment, the user won't be able to access any data in that table since there will never be a match.
To edit security for a user, you can click on any of the pencil icons to the right of each security rule to modify it, or you can click the delete button to remove the rule altogether.
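The default-allow behaviour for tables without rules, and the "value with no data" technique for blocking a table, can both be checked offline. The following Python sketch is an added example, not part of Cosmos: the rule layout, the table contents, and the assumption that rules on different fields must all match are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data. The (user, table, field, value) rule layout is an
# assumption for illustration, not a Cosmos export format.
TABLES = {
    "Sales Invoice": [
        {"Company": "CRONUS", "Salesperson Code": "AB"},
        {"Company": "CRONUS", "Salesperson Code": "CD"},
        {"Company": "CRONUS", "Salesperson Code": "EF"},
    ],
    "G/L Entry": [
        {"Company": "CRONUS", "Department Code": "FINANCE"},
        {"Company": "X", "Department Code": "SALES"},  # a real company named X
    ],
    "Customer": [{"Company": "CRONUS", "Salesperson Code": "AB"}],
}
RULES = [
    ("alice", "Sales Invoice", "Salesperson Code", "AB"),
    ("alice", "Sales Invoice", "Salesperson Code", "CD"),
    ("alice", "G/L Entry", "Company", "X"),  # intended as "no access"
]

def visible_rows(user, table, rules=RULES, tables=TABLES):
    """Rows of `table` that `user` can see under the rules described above."""
    allowed = defaultdict(set)
    for u, t, field, value in rules:
        if u == user and t == table:
            allowed[field].add(value)
    if not allowed:
        # No rule defined for this table: the user sees everything in it.
        return list(tables[table])
    # Values for one field are alternatives. Assumption: rules on different
    # fields of the same table must all match.
    return [row for row in tables[table]
            if all(row.get(f) in vals for f, vals in allowed.items())]

def audit(user, rules=RULES, tables=TABLES):
    """Per table: whether any rule exists and how many rows remain visible."""
    report = {}
    for table in tables:
        has_rule = any(u == user and t == table for u, t, _, _ in rules)
        status = "restricted" if has_rule else "unrestricted"
        report[table] = (status, len(visible_rows(user, table, rules, tables)))
    return report
```

In the constructed data, the "Company = X" rule on G/L Entry still exposes one row because a company named X exists, and Customer is fully visible because no rule was defined for it.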