8. Authconf

8.1. Rowfilters

A rowfilter defines a filter expression on the explorer table such that the resulting view only contains rows which the user is allowed to see. The filter can include data from the user account, such as organization identifiers.

The rowfilter defines an expression (rowfilter.expression).

To include account data, rowfilter.expression can contain named placeholders (e.g., %(auth_rowfilter_input)s). For each placeholder, rowfilter.params must contain a key with the placeholder name and a string value giving a path in the account data.

Note that placeholders starting with an underscore (_) are reserved and should not be used.

As an example, consider users who are only allowed to view rows of a specific organization. Let’s assume the organization identifiers associated with a row are in column orga_id_list in the explorer table, and the account service returns an array of organization identifiers:

{
  "user": {
    "id": 1234,
    "name": "T. User"
  },
  "scope": {
    "schema": "test",
    "organizationIds": [ 123, 456 ],
    "organizationName": "GP Some",
    "scopingOrganizationName": "Caregroup CG",
    "roles": [ "admin" ]
  }
}

The rowfilter would be as follows:

rowfilter:
  expression: "orga_id_list && %(auth_rowfilter_input)s::bigint[]"
  params:
    auth_rowfilter_input: scope.organizationIds

8.2. Scoping views

Apart from rowfiltered user views, explorer also supports scoping views; these are views which include all rows from the explorer table, but optionally mask additional columns. The scoping views are typically used to create aggregates to compare results of a single organization with average results of a complete population, for example in reports or a dashboard.

For example, by masking the columns that identify an organization, the organizations outside the user view remain anonymous.

For each masked column, the explorer table must include an additional column with an anonymized_ prefix, which is used in its place in the scoping view.

8.3. Account view

Sometimes user account data can be obtained from the explorer table, which is useful for processing by components utilizing the platform API; the MGRID Dashboard uses the platform API to get dashboard data.

For example, take a dashboard using a scoping view which masks organization identifiers. To be able to highlight data from the user’s organization (against the other organizations), it would need to know which masked (anonymized) organization identifier(s) belong to the user. These are only included in the table and not in the user’s account data.

By defining accountview.expression, this data can be included. The expression should return an array, which will be included in the account data using the account_view key.

accountview:
  expression: UNNEST(anonymized_orga_id_list)

8.4. Complete example

authconf:
  rowfilter:
    expression: "orga_id_list && %(auth_rowfilter_input)s::bigint[]"
    params:
      auth_rowfilter_input: scope.organizationIds
  scopingview:
    maskedcolumns:
      - gp_name
      - pp_name_diabetes
      - pp_name_copd
      - pp_name_cvrm
      - pp_name_elca
      - pp_orga_name_diabetes
      - pp_orga_name_copd
      - pp_orga_name_cvrm
      - pp_orga_name_elca
      - cm_name_diabetes
      - cm_name_copd
      - cm_name_cvrm
      - cm_name_elca
      - orga_id_diabetes
      - orga_id_copd
      - orga_id_cvrm
      - orga_id_elca
      - orga_id_list
  accountview:
    expression: UNNEST(anonymized_orga_id_list)
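
A pre-deployment consistency check for an authconf like the one above, written as an added example (it is not part of explorer). It verifies the three rules stated in this chapter: every placeholder has a params entry whose path resolves in the account data, no placeholder uses the reserved underscore prefix, and every masked column has an anonymized_ counterpart. The function names, the dotted-path lookup and the sample data are assumptions made for illustration.

```python
import re
PLACEHOLDER = re.compile(r"%\((\w+)\)s")  # named placeholders such as %(name)s

def lookup(account, path):
    """Follow a dotted path (assumed syntax) such as 'scope.organizationIds'."""
    node = account
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            raise KeyError(path)
        node = node[key]
    return node

def check_authconf(authconf, account, table_columns):
    """Return a list of problems; an empty list means the config is consistent."""
    problems = []
    rowfilter = authconf.get("rowfilter", {})
    params = rowfilter.get("params", {})
    used = set(PLACEHOLDER.findall(rowfilter.get("expression", "")))
    for name in sorted(used | set(params)):
        if name.startswith("_"):
            problems.append(f"placeholder {name!r} uses the reserved '_' prefix")
        if name not in params:
            problems.append(f"placeholder {name!r} has no entry in rowfilter.params")
        elif name not in used:
            problems.append(f"param {name!r} is not used in rowfilter.expression")
        else:
            try:
                lookup(account, params[name])
            except KeyError:
                problems.append(f"path {params[name]!r} not found in account data")
    for col in authconf.get("scopingview", {}).get("maskedcolumns", []):
        if "anonymized_" + col not in table_columns:
            problems.append(f"masked column {col!r} lacks anonymized_{col}")
    return problems

def resolve_params(rowfilter, account):
    """Resolve each params path to the account value its placeholder stands for."""
    return {name: lookup(account, path) for name, path in rowfilter["params"].items()}

# Constructed sample data, modelled on the examples on this page.
ACCOUNT = {"user": {"id": 1234}, "scope": {"organizationIds": [123, 456]}}
AUTHCONF = {
    "rowfilter": {
        "expression": "orga_id_list && %(auth_rowfilter_input)s::bigint[]",
        "params": {"auth_rowfilter_input": "scope.organizationIds"},
    },
    "scopingview": {"maskedcolumns": ["gp_name", "orga_id_list"]},
}
COLUMNS = {"gp_name", "anonymized_gp_name", "orga_id_list", "anonymized_orga_id_list"}
```

A masked column without its anonymized_ counterpart, or a params path that does not resolve for some accounts, is worth catching here rather than in a deployed scoping view or rowfilter.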