Home

Configuring role data filters (Advanced)

Data is the app content, which is displayed on the Unravel UI pages. Filters can be defined on app data fields as per the role.

If you enable the User data filter, then the data filtering by username is enabled. Do the following to enable the User data filter.

  1. From the installation directory, run the following command:

    <Unravel installation directory>/unravel/manager config properties set com.unraveldata.rbac.role.<role>.data.user.filter true
    

    In <role> , you must specify the role for which you set the data filter.

  2. Stop Unravel, apply the changes, and start Unravel.

    <Unravel installation directory>/unravel/manager stop then config apply then start
    

If you enable the Tags data filter, then the data filtering by app tags is enabled. Do the following to enable the Tags data filter.

  1. From the installation directory, run the following command:

    <Unravel installation directory>/unravel/manager config properties set com.unraveldata.rbac.role.<role>.data.tags.filter true
    

    In <role> , you must specify the role for which set the data filter

  2. Stop Unravel, apply the changes, and start Unravel.

    <Unravel installation directory>/unravel/manager stop then config apply then start
    

If you enable the Fields data filter, then the data filtering is enabled for the specified ElasticSearch fields and values. Currently, only the following ElasticSearch fields are supported:

Fields

Description

clusterId

Cluster name

clusterUid

Cluster UID

user

App user name

userName

App real user name

queue

App queue. In the case of Databricks, it is the workspace name.

kind

App type

Do the following to enable the Fields data filter.

  1. From the installation directory, run the following command:

    <Unravel installation directory>/unravel/manager config properties set com.unraveldata.rbac.role.<role>.data.field.<field> <field_value1>, <field_value2>
    

    In <role> , you must specify the role for which set the data filter

    In <field> specify any of the supported ElasticSearch fields.

    In <field_value1>, <field_value2>, etc. specify the ElasticSearch field values.

    For example:

    /opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.field.queue "queue1, queue2"
    /opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.field.clusterUid "cluster1, cluster2"

    You can also use substitute fields when you set the Fields data filter. For example:

    opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.field.queue "queue1, queue2, \$tags.rbac_queue"
    /opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.field.userName \$user
  2. Stop Unravel, apply the changes, and start Unravel.

    <Unravel installation directory>/unravel/manager stop then config apply then start
    

If you enable the Query data filter, then the data filtering is enabled for the specified ElasticSearch query. You can set this data filter using a property value that must be a valid Elasticsearch query. Do the following to enable the Query data filter.

  1. From the installation directory, run the following command:

    <Unravel installation directory>/unravel/manager config properties set com.unraveldata.rbac.role.<role>.data.es.query <STRING>
    

    In <role> , you must specify the role for which you want to set the data filter

    In <STRING> specify a valid ElasticSearch query string.

    For example:

    /opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.es.query "{ terms: { kind: [\"spark\"] } }"

    You can also use substitute fields when you set the Query data filters.

    Note

    Use \ to escape special characters ! $ " ' ` \ .

  2. Stop Unravel, apply the changes, and start Unravel.

    <Unravel installation directory>/unravel/manager stop then config apply then start
    
Substitute fields

Substitute fields, which are keywords, can be used in Fields and Query configurations. These get resolved to some user-related information. Thus, you can pass a specific field or a query string when you set the data filter for app data access. The following substitute fields can be used when you set the data filters.

  • $user: The field/query gets resolved to the user’s username. For example:

    /opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.field.userName "\$user"
  • $groups: The field/query gets resolved to user’s groups. For example:

    /opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.field.queue "\$groups"
  • $tags.<tag_key>: The field/query will get resolved to user’s <tag_key> tag value. For example:

    /opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.field.userName "\$tags.rbac_queue"