Data Filtration - Practical use case with APIs

DineshS
Tera Guru

Further to @Dan Martinez's post on Data Filtration, I wanted to use the feature for integrations where we wanted to control what an integration should be able to read. Let's first understand the requirement.

There are 3 main API users: employee, vendor and partner.

  1. A given user should be able to view only those records associated with it. For example:
    1. A vendor should be able to view only those records assigned to their group, DFR Vendor
    2. An employee should be able to view only those records assigned to their group, DFR Employee
    3. A partner should be able to view only those records assigned to their group, DFR Partner
  2. Users with the admin or ITIL role should be able to view all records from the table, including those assigned to Vendor, Employee and Partner

How I did it

  1. I created a demo DF Requests table (u_df_request) with 3 fields: a DFR number (u_dfr_number), Description (u_description) and Assignment Group Name (u_group_name). In this example, we will use the assignment group name to filter which records can be accessed in different scenarios.

  2. Created sample records as given in the figure.

    [Screenshot: sample records]

  3. To ensure that an API call from Vendor can retrieve only those records assigned to the DFR Vendor group, we need to create two Data Filtration records for each scenario.

    1. To fetch the records that are assigned to the DFR Vendor group, the API user should belong to the DFR Vendor group or have the ITIL role.

    [Screenshot: Data Filtration record]

    This means, to read the records that are assigned to DFR Vendor, the API user should be in the DFR Vendor group or have the ITIL role.

    2. To ensure that the Vendor API user is unable to view any other records, we need to create another Data Filtration record.

    [Screenshot: Data Filtration record]

    This means, to read records which are NOT assigned to DFR Vendor, the API user should not be in the DFR Vendor group. This prevents the Vendor API user from viewing records that are not assigned to the DFR Vendor group.

  4. Create the Data Filtration records similar to the above for Partner.
    • [Screenshots: the two Data Filtration records for Partner]
  5. Create the Data Filtration records similar to the above for Employee.
    • [Screenshots: the two Data Filtration records for Employee]
  6. Let's test now. First with the Vendor API user, as per requirement #1a. As you can see, only two records are returned.

    [Screenshots: Vendor API user test]

     

  7. Let's now test with the ITIL user (requirement #2). The ITIL user is able to view all the records on the table.

    [Screenshot: ITIL user test, raw response]

    Note: I have shown the raw response format so as to view all records in one screenshot.

    I hope you find this post useful. Please share your feedback (if any) to make the content better.

     

     { I seem to have lost the privilege to create an article or blog, hence creating this as a question 😟 }
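The tests in steps 6 and 7 can be repeated as a scripted check after every change to the Data Filtration records. The following is an added example, not part of the original post: it reads u_df_request through the Table API and reports any group a user can see but should not (or should see but cannot). The persona names, the sample records and the assumption that u_group_name comes back as the group's display name are constructed for illustration.

```python
import base64
import json
import urllib.request

# Visibility each API user should have, per requirements #1 and #2 (None = all groups).
# Persona keys are hypothetical labels, not user names from the post.
EXPECTED = {
    "vendor": {"DFR Vendor"},
    "employee": {"DFR Employee"},
    "partner": {"DFR Partner"},
    "itil": None,
}

def fetch_records(instance, user, password):
    """Read u_df_request through the Table API as the given user (needs a live instance)."""
    url = (f"https://{instance}/api/now/table/u_df_request"
           "?sysparm_fields=u_dfr_number,u_group_name"
           "&sysparm_display_value=true&sysparm_exclude_reference_link=true")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={
        "Accept": "application/json", "Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["result"]

def check_visibility(persona, records, all_groups):
    """Compare what a persona received with what the filtration rules should allow."""
    allowed = EXPECTED[persona] if EXPECTED[persona] is not None else set(all_groups)
    seen = {r["u_group_name"] for r in records}
    return {"leaked": sorted(seen - allowed), "missing": sorted(allowed - seen)}

# Constructed sample table contents (not the post's actual records).
TABLE = [
    {"u_dfr_number": "DFR0001", "u_group_name": "DFR Vendor"},
    {"u_dfr_number": "DFR0002", "u_group_name": "DFR Vendor"},
    {"u_dfr_number": "DFR0003", "u_group_name": "DFR Employee"},
    {"u_dfr_number": "DFR0004", "u_group_name": "DFR Employee"},
    {"u_dfr_number": "DFR0005", "u_group_name": "DFR Partner"},
]
ALL_GROUPS = {r["u_group_name"] for r in TABLE}

def simulate(persona):
    """Offline stand-in for fetch_records: a correctly filtered response."""
    allowed = EXPECTED[persona]
    return [r for r in TABLE if allowed is None or r["u_group_name"] in allowed]

if __name__ == "__main__":
    for persona in EXPECTED:
        print(persona, check_visibility(persona, simulate(persona), ALL_GROUPS))
    # A vendor response that also contains an Employee record is a filtering failure.
    print("misconfigured:", check_visibility("vendor", TABLE[:3], ALL_GROUPS))
```

Against a real instance, replace `simulate(persona)` with `fetch_records(...)` using each integration account's credentials; a non-empty `leaked` list means a "NOT assigned to" filtration record is missing or wrong.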