Configuring role data filters (Advanced)
Data is the app content, which is displayed on the Unravel UI pages. Filters can be defined on app data fields as per the role.
If you enable the User data filter, then the data filtering by username is enabled. Do the following to enable the User data filter.
From the installation directory, run the following command:
<Unravel installation directory>/unravel/manager config properties set com.unraveldata.rbac.role.
<role>.data.user.filter trueIn
<role>, you must specify the role for which you set the data filter.Stop Unravel, apply the changes, and start Unravel.
<Unravel installation directory>/unravel/manager stop then config apply then start
If you enable the Tags data filter, then the data filtering by app tags is enabled. Do the following to enable the Tags data filter.
From the installation directory, run the following command:
<Unravel installation directory>/unravel/manager config properties set com.unraveldata.rbac.role.
<role>.data.tags.filter trueIn
<role>, you must specify the role for which set the data filterStop Unravel, apply the changes, and start Unravel.
<Unravel installation directory>/unravel/manager stop then config apply then start
If you enable the Fields data filter, then the data filtering is enabled for the specified ElasticSearch fields and values. Currently, only the following ElasticSearch fields are supported:
Fields | Description |
|---|---|
clusterId | Cluster name |
clusterUid | Cluster UID |
user | App user name |
userName | App real user name |
queue | App queue. In the case of Databricks, it is the workspace name. |
kind | App type |
Do the following to enable the Fields data filter.
From the installation directory, run the following command:
<Unravel installation directory>/unravel/manager config properties set com.unraveldata.rbac.role.<
role>.data.field.<field><field_value1>,<field_value2>In
<role>, you must specify the role for which set the data filterIn
<field>specify any of the supported ElasticSearch fields.In
<field_value1>,<field_value2>, etc. specify the ElasticSearch field values.For example:
/opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.field.queue "queue1, queue2" /opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.field.clusterUid "cluster1, cluster2"
You can also use substitute fields when you set the Fields data filter. For example:
opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.field.queue "queue1, queue2, \$tags.rbac_queue" /opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.field.userName \$user
Stop Unravel, apply the changes, and start Unravel.
<Unravel installation directory>/unravel/manager stop then config apply then start
If you enable the Query data filter, then the data filtering is enabled for the specified ElasticSearch query. You can set this data filter using a property value that must be a valid Elasticsearch query. Do the following to enable the Query data filter.
From the installation directory, run the following command:
<Unravel installation directory>/unravel/manager config properties set com.unraveldata.rbac.role.<
role>.data.es.query<STRING>In
<role>, you must specify the role for which you want to set the data filterIn
<STRING>specify a valid ElasticSearch query string.For example:
/opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.es.query "{ terms: { kind: [\"spark\"] } }"You can also use substitute fields when you set the Query data filters.
Note
Use \ to escape special characters ! $ " ' ` \ .
Stop Unravel, apply the changes, and start Unravel.
<Unravel installation directory>/unravel/manager stop then config apply then start
Substitute fields
Substitute fields, which are keywords, can be used in Fields and Query configurations. These get resolved to some user-related information. Thus, you can pass a specific field or a query string when you set the data filter for app data access. The following substitute fields can be used when you set the data filters.
$user: The field/query gets resolved to the user’s username. For example:
/opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.field.userName "\$user"
$groups: The field/query gets resolved to user’s groups. For example:
/opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.field.queue "\$groups"
$tags.<tag_key>: The field/query will get resolved to user’s <tag_key> tag value. For example:
/opt/unravel/manager config properties set com.unraveldata.rbac.role.role1.data.field.userName "\$tags.rbac_queue"