Salesforce WAVE – Row Level Security Explained

Blog by Stanley Sequeira | Oct 12, 2015



Just as a lot of thought goes into designing the security model for a Sales / Service implementation, security is vital when implementing Analytics Cloud on Salesforce WAVE.

To put this in perspective, there are many use cases where you’d want your WAVE dashboards to pull in the data that is owned by a user or their team. The idea is that, even with the same dataset, the result varies based on who is logged in to the application.

As you’re already aware by now, Salesforce WAVE can pull in information from multiple data sources. This security concept applies not just to Salesforce data but to all the data originating from the various data sources.

Here in this chapter, we’ll look at –

  • Owner-based Security
  • Predicate Filters and their Syntax

Owner-based Security


Step 1: You can prepare a Sample Quota file in .CSV format which contains the following headers

  1. QuotaOwnerId
  2. OwnerName
  3. Target
  4. QuotaAmount
  5. StartDate

Make sure each Owner has a unique QuotaOwnerId.


Step 2: Click Create on the Dataset and upload this file. Name it Quota_Data.


Step 3: Click on Preview Data


Step 4: Click on QuotaOwnerId


Step 5: Click on Dimension. This should change QuotaOwnerId from a Measure to a Dimension and then click Submit.

Step 6: Click on Create Dataset

Step 7: Click on the newly created Quota_Data dataset. Change the Count of Rows to Sum of Target and group by Owner Name


Here you’ll notice that you can see your own information as well as the target information for all the other Sales Reps.

As you can tell, this is not ideal in an enterprise scenario, where every Sales Rep in the organization would be looking at the information of other people in the organization. So there is a need to enforce security based on ownership.

The end result we want is to restrict data based on the user who has logged in. The way to do that is to enforce a Predicate Filter on the dataset.

Step 8: Hover on the Quota_Data dataset and click Edit


Step 9: Enter the following string in the Security Predicate section and click Update Dataset.

'OwnerName' == "$User.Name"


Step 10: Now when you go back to the Lens, you’re only able to see the data owned by the logged-in user, which is currently me. The Count of Rows has gone down, which indicates that the filtering has taken effect.


If you Group by Owner Name, you’ll only see the data owned by you.

Most filters applied to a Lens or Dataset in the UI are only client-side filters: when you apply one, the server sends the results back to you. A Predicate Filter, by contrast, is a filter on the server-side data.

So Owner-based Security can be enforced using Predicate Filters, which are nothing but server-side filtering.


Predicate Filters Syntax


A predicate filter follows a very strict syntax and needs to have three parts –

<dataset column> <operator> <value>

  • The expression is case-sensitive
  • The expression cannot exceed 1,000 characters
  • There must be at least one space between the <dataset column>, <operator> and <value>

<dataset column>

A predicate filter should have at least one dataset column.

  • Column names must be enclosed in single quotes (').
    e.g. 'Region' == "South"
  • Single quotes in column names must be escaped.
    e.g. 'Team\'s Name' == "West Region Accounts"
  • Dimensions are in single quotes and specific values are in double quotes

<operator>

  • Logical Operators
    e.g. &&, ||
  • Comparison Operators
    e.g. !=, ==, <, <=, >, >=

<value>

Predicate Expression Examples by Value Type

  • String literal
    e.g. 'Owner' == "Amber"
    e.g. 'Stage Name' == "Closed Won"
  • Number literal
    e.g. 'Expected_Revenue' >= 2000.00
    e.g. 'NetLoss' < -1000
  • Field value
    e.g. 'Owner.Role' == "$User.UserRoleId"

Some Examples –

'Expected_Rev' > 1000 && 'Expected_Rev' <= 3000

'Owner' == "Stan" || 'Owner' == "Santosh"
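
The syntax rules above and the owner-based predicate from Step 9, as an added sketch that is not part of the original post and is not Salesforce's implementation: it checks a predicate against the listed rules and evaluates it per row for a given user. The sample rows, the `user` dictionary, the function names and the choice that && binds tighter than || are assumptions made for illustration.

```python
import operator
import re
# One token per kind in the page's grammar; each must be followed by a space or the end.
TOKEN = re.compile(r"""\s*(?:'((?:\\.|[^'\\])*)'|"((?:\\.|[^"\\])*)"|(-?\d+(?:\.\d+)?)|(==|!=|<=|>=|<|>|&&|\|\|))(?=\s|$)""")
KINDS = ("col", "str", "num", "op")
COMPARE = {"==": operator.eq, "!=": operator.ne, "<": operator.lt,
           "<=": operator.le, ">": operator.gt, ">=": operator.ge}

def tokenize(expr):
    if len(expr) > 1000:
        raise ValueError("predicate exceeds 1,000 characters")
    tokens, pos, end = [], 0, len(expr.rstrip())
    while pos < end:
        m = TOKEN.match(expr, pos)
        if not m:  # e.g. a single '=', an unquoted column, or no space around an operator
            raise ValueError(f"invalid token or missing space at offset {pos}")
        tokens.append((KINDS[m.lastindex - 1], re.sub(r"\\(.)", r"\1", m.group(m.lastindex))))
        pos = m.end()
    return tokens

def row_visible(expr, row, user):
    tokens = tokenize(expr)
    if len(tokens) % 4 != 3:
        raise ValueError("expected <dataset column> <operator> <value>")
    result, group = False, True  # OR of AND-groups: assumes && binds tighter than ||
    for i in range(0, len(tokens), 4):
        (ck, col), (ok, op), (vk, val) = tokens[i:i + 3]
        if ck != "col" or ok != "op" or op not in COMPARE or vk not in ("str", "num"):
            raise ValueError("expected <dataset column> <operator> <value>")
        if vk == "num":
            val = float(val)
        elif val.startswith("$User."):
            val = user[val[6:]]  # resolved from the logged-in user's record
        group = COMPARE[op](row[col], val) and group  # wrong-case column -> KeyError
        joiner = tokens[i + 3] if i + 3 < len(tokens) else ("op", "||")
        if joiner == ("op", "||"):
            result, group = result or group, True
        elif joiner != ("op", "&&"):
            raise ValueError("clauses must be joined with && or ||")
    return result

ROWS = [  # constructed sample rows using the Quota_Data columns from Step 1
    {"QuotaOwnerId": "005A", "OwnerName": "Stan", "Target": 3000},
    {"QuotaOwnerId": "005B", "OwnerName": "Santosh", "Target": 1500},
    {"QuotaOwnerId": "005C", "OwnerName": "Amber", "Target": 800},
]
def visible_owners(expr, user, rows=ROWS):
    return [r["OwnerName"] for r in rows if row_visible(expr, r, user)]
```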


