Tag Archives: Birst

Birst security filtering


Quite a while since the last blog post but here we go again! As I’ve been involved with Birst lately it’s time to blog some under-the-hood stuff about Birst respectively.

I want to share the experience that is mentioned there and there around the Birst community articles. It’s about securing dimension attributes and how they affect the related fact measures depending on how the data sources are configured.

In my example I have the following fact, dimension and “access stable” data sets:




I want to secure the fact data depending on which business unit (BU) the user belongs to. As we can see the test user should be able to see only the HR fact data.

By using the basic security filtering feature via birst it can be accomplished:



Then when using Visualizer under the test users’ account we can see that the filtering works OK. Or does it?

Depends on what you consider as the correct output. By default, Birst is applying the security filter ONLY when the corresponding dimension is used in the visualization:


As we can see if we only choose the sales measure and no dimension attributes it shows the total amount of sales and doesn’t apply the security filter behind the dimension attribute (as it’s not being explicitly used).

At some times we may want to filter the underlying fact measure data “automatically” without explicitly adding the dimension attribute to the visualization. IMO I find this problematic as then you violate the “one set of numbers”-rule as every user could see different total amount depending on how their data is filtered via security filters.

Anyhow, if this is acknowledged and there’s no problem with the output the way to do it in Birst is to check the filtered attribute field as a Measure (not so “logical” I think but it works :)). Then we’ll end up having filtered total amount without using the dimension attribute: