Row-level policy filters

Implement row-level security in embedded Tellius Vizpads using userId tokens and postMessage to enforce data access policies per user.

Steps to apply row-level policy

The URL needs to be obtained from the Tellius app. To know how to get the URL, please refer this section.

Here's a sample URL:

http://localhost:3000/dashboard/de013a62-5d0a-4f2d-be9f-1a3a29773085/9d4efeba-f296-49f0-b3c0-57c59dd00f5b/&token=<your_token_here>&userId=a9df4-bb80-6a517

If row-level policy filters need to be applied, the connecting process is different from the process outlined in this section. In this case, userID needs to be included in the URL. The presence of userID in the URL indicates that the embedding app needs to send INITIALIZE_ROW_LEVEL_POLICY postMessage along with the required row-level filters to Tellius. Tellius will apply these filters to the Vizpad.

If userID is present in the URL and the embedding app fails to send row-level filters, an error message "We did not get row-level policy" will be sent, and the Vizpad will not be rendered. If userID is not present in the URL, the required Vizpad will be rendered without applying any row-level policy filters.

Connect with Tellius

  1. To connect with Tellius, the embedding app needs to send a message called INITIALIZE .

  2. Immediately after sending this, the embedding app sends a message INITIALIZE_ROW_LEVEL_POLICY with row-level policy filters.

  3. Tellius validates and responds with the message TELLIUS_INITIALIZED .

The structure of INITIALIZE and INITIALIZE_ROW_LEVEL_POLICY is given below:

 var telliusFrame ;
   document.querySelector("iframe").addEventListener("load", function() {
       telliusFrame = document.getElementsByTagName("iframe")[0].contentWindow;
       telliusFrame.postMessage('INITIALIZE', "*"); 
       telliusFrame.postMessage({
               actionType: "INITIALIZE_ROW_LEVEL_POLICY",
               rowLevelPolicies: [{
                       "rowLevelPolicy": {
                           "operator": "and",
                           "args": [
                               {
                                   "value": "Second Class",
                                   "field": "Ship_Mode",
                                   "condition": "="
                               }
                           ]
                       },
               },
               {
                       "rowLevelPolicy": {
                           "operator": "and",
                           "args": [
                               {
                                   "value": [
                                       "Wuhan"
                                   ],
                                   "field": "City",
                                   "condition": "in"
                               }
                           ]
                       },
               }],
           }, "*")   
   })

Supported filters

Please refer to the Operators and Timeline filters.

Sample code for timeline filter

telliusFrame.postMessage({
               actionType: "INITIALIZE_ROW_LEVEL_POLICY",
               rowLevelPolicies: [
               {
                       "rowLevelPolicy": {
                           "operator": "and",
                           "args": [
                               {
                                   "value": undefined,
                                   "field": "Ship_Date",
                                   "condition": "last 6 years"
                               }]
                       },
               }],
           }, "*")

Sample code for custom range filter

telliusFrame.postMessage({
               actionType: "INITIALIZE_ROW_LEVEL_POLICY",
               rowLevelPolicies: [
               {
                       "rowLevelPolicy": {
                           "operator": "and",
                           "args": [{
                              "value": {
                               start: "2008-06-06T00:00:00.000+05:30",
                               end: "2013-06-10T00:00:00.000+05:30"
                               },
                              "field": "Ship_Date",
                              "condition": "custom"
                               },
                           ]
                       },
               }],}, "*")

If any Viz fails to be rendered, Tellius sends the following message to the embedding app.

{
   "actionType":"VIZ_RENDER_FAILED",
   "vizId": UUID, // viz id which failed to render
   "errorMessage": "" // reason why rendering failed
}
PreviousAdding a Viz to a VizpadNextEmbedding Insights

Last updated

Was this helpful?