Skip to main content

Check Row Level Security Settings

Before you move your new CRM Analytics App to your production environment, make sure you add the appropriate security as required by your business needs.

By default, security predicates for Customer Insights have been added to the following datasets.

  • Activity
  • Opportunity
  • OpportunityHistory
  • OpptyProduct
  • Account
  • Lead

These security predicates allow users to view data owned by them and others in their role and subordinates. In orgs without role hierarchy, users are able to view data owned by them.

Let’s Take a Closer Look at Security Predicates

To implement row-level security, you set a predicate for each dataset where you want to restrict access to records. Sounds complex, but a predicate is just a fancy name for a filter condition that defines row-level access to records in a dataset. When a user submits a query against a dataset that has a predicate, CRM Analytics checks the predicate to determine which records the user can access. If the user doesn’t have access to a record, CRM Analytics doesn’t return it.

Let’s see what a security predicate looks like. 

It’s easier to see the predicate on the dataset edit page.

  1. From the App Launcher, find and select Analytics Studio.
  2. On the Analytics Home tab, click All Items.
  3. Click Datasets.
  4. Find the Activity dataset.
  5. Click the dropdown menu and select Edit.
  6. Scroll to the bottom of the page, to the Security Predicate section. You can see the security predicate for the Activity dataset.

Analytics studio with Security Predicate highlighted.

The use-case described above—restricting user access to specific records—is very common. Here is an example of a predicate that performs this filter.

"rowLevelSecurityFilter":"'AccountOwner' == \"$User.Name\""

AccountOwner refers to the dataset field that stores the full name of the account owner for each sales target. $User.Name refers to the Name column of the User object that stores the full name of each user. CRM Analytics performs a lookup to see who’s currently logged in.

This predicate returns a match when the names in AccountOwner and $User.Name are the same. The user only sees data for which he or she is the account owner. Pretty straightforward, isn’t it? The Analytics Security Implementation Guide provides more information about security predicates and how to add them.

Well done! Now you can boast that you know all about security predicates in CRMA.

Keep learning for
free!
Sign up for an account to continue.
Sign Up Login
What’s in it for you?
  • Get personalized recommendations for your career goals
  • Practice your skills with hands-on challenges and quizzes
  • Track and share your progress with employers
  • Connect to mentorship and career opportunities
Skip for now