This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Looker & Looker Studio
- Looker Forums
- Modeling
- Re: Dynamic Connection Switching in Looker for Emb...
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Solved
LinkedIn
Twitter
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reply posted on
--/--/---- --:-- AM
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have embedded a Looker dashboard using SSO embedding within a product that serves multiple customers. Each customer has their own separate database, but all databases follow the same schema. The goal is to dynamically switch the database connection based on the user accessing the embedded dashboard.
For example:
Customer 1 should use db-1
Customer 2 should use db-2
Since the dashboard structure is the same for all customers, I need a way to ensure that each user sees only their own data while keeping database connections separate for privacy reasons.
Approach I Considered:
I explored the option of using user attributes to store connection details (e.g., username, password, dataset). These attributes are then passed dynamically when generating the embed URL, allowing Looker to use the correct connection for each user.
However, this method requires passing database credentials with every API call, which raises security concerns.
Question:
Is there a better way to dynamically switch connections in a Looker model based on the user, without exposing credentials in every request?
However, this method requires passing database credentials with every API call, which raises security concerns.
Question:
Is there a better way to dynamically switch connections in a Looker model based on the user, without exposing credentials in every request?
Any best practices or alternative approaches would be highly appreciated!
Thanks,
Prashant
Thanks,
Prashant
0
7
189
Topic Labels
- Labels:
-
Customizing LookML
7 REPLIES 7
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reply posted on
--/--/---- --:-- AM
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just to clarify, have you tried using the approach detailed here in the documentation?
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reply posted on
--/--/---- --:-- AM
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your quick response!
Yes, I have reviewed the documentation, and I check that we can dynamically change the schema and table names based on user attribute values.
However, our use case is slightly different. In our scenario, each user has their own separate database, though the schemas and table structures are identical across all databases. This means that when a user accesses the dashboard:
User 1 should connect to database_1
User 2 should connect to database_2
The challenge is dynamically switching the entire database connection based on the user, rather than just modifying the schema or table name within a single connection.
Is there a way to achieve this in Looker, without exposing credentials in every request of embed URL creation?
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reply posted on
--/--/---- --:-- AM
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From the documentation on user attributes, "The host, port, database, username, password, and schema of connection can each be given the value of a user attribute." Would this approach work for you?
I think the difference here is that it would handled on the server side rather than passed through the API call as you mention above.
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reply posted on
--/--/---- --:-- AM
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Apologies for the delayed update.
We can assign the values for host, port, database, username, and password as user attributes, which can be set from the server side. However, every customer needs to provide these fields.
For SSO-embedded URL creation, we call an API where we must pass these fields in the each request to set them as user attributes.
Is there an alternative approach that allows us to dynamically change the connection without needing to pass all these fields in the API call each time?
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reply posted on
--/--/---- --:-- AM
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you were taking this approach, I think you would only need to pass the name of the database through, rather than all of those elements? Because the connection could rely on using the same password, host, port etc.?
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reply posted on
--/--/---- --:-- AM
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have only one connection available in Looker, where we dynamically modify the host, port, database, username, and password to switch database connections based on the user.
As you mentioned, passing only the database would not be sufficient because each user has a unique username, password, host, and port.
Therefore, whenever a user accesses the dashboards, we must pass their specific username, password, host, port, and database to establish the correct connection.
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reply posted on
--/--/---- --:-- AM
Post Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ah, I understand - I thought it would be possible for you to re-use the same connection parameters and only change the DB name, as the other parameters would be invisible to anyone outside your organisation anyway.
I can't think of another way to handle this, unfortunately, but perhaps someone else can.
Top Labels in this Space
-
access grant
6 -
actionhub
1 -
Actions
8 -
Admin
7 -
Analytics Block
45 -
API
25 -
Authentication
2 -
bestpractice
7 -
BigQuery
69 -
blocks
11 -
Bug
60 -
cache
7 -
case
12 -
Certification
2 -
chart
1 -
cohort
5 -
connection
14 -
connection database
4 -
content access
2 -
content-validator
5 -
count
5 -
custom dimension
5 -
custom field
11 -
custom measure
13 -
customdimension
8 -
Customizing LookML
217 -
Dashboards
144 -
Data
7 -
Data Sources
3 -
data tab
1 -
Database
13 -
datagroup
5 -
date-formatting
12 -
dates
16 -
derivedtable
51 -
develop
4 -
development
7 -
dialect
2 -
dimension
46 -
done
9 -
download
5 -
downloading
1 -
drilling
28 -
dynamic
17 -
embed
5 -
Errors
16 -
etl
2 -
explore
58 -
Explores
5 -
extends
17 -
Extensions
9 -
feature-requests
6 -
filter
220 -
formatting
13 -
git
19 -
googlesheets
2 -
graph
1 -
group by
7 -
help
1 -
Hiring
2 -
html
19 -
IDE
1 -
imported project
8 -
Integrations
1 -
internal db
2 -
javascript
2 -
join
16 -
json
7 -
label
6 -
link
17 -
links
8 -
liquid
154 -
Looker Studio Pro
1 -
looker_sdk
1 -
LookerStudio
3 -
LookML
858 -
lookml dashboard
20 -
LookML Foundations
112 -
looks
33 -
manage projects
1 -
map
14 -
map_layer
6 -
Marketplace
2 -
measure
22 -
merge
7 -
model
7 -
modeling
26 -
multiple select
2 -
mysql
3 -
nativederivedtable
9 -
ndt
6 -
Optimizing Performance
52 -
parameter
70 -
pdt
35 -
performance
11 -
periodoverperiod
16 -
persistence
2 -
pivot
3 -
postgresql
2 -
Projects
7 -
python
2 -
Query
3 -
quickstart
5 -
ReactJS
1 -
redshift
10 -
release
18 -
rendering
3 -
Reporting
2 -
schedule
5 -
schedule delivery
1 -
sdk
5 -
singlevalue
1 -
snowflake
16 -
SQL
244 -
system activity
3 -
table chart
1 -
tablecalcs
53 -
tests
7 -
time
8 -
time zone
4 -
totals
7 -
user access management
3 -
user-attributes
9 -
value_format
5 -
view
24 -
Views
5 -
Visualizations
166 -
watch
1 -
webhook
1 -
日本語
3
- « Previous
- Next »