Restricting data samples based on token information

1. Overview

The regulations administrator can restrict the data that a Redash query returns. The restriction is based on context information obtained from the JWT token.

Context information refers to the user attributes transmitted by the Keycloak service.

For example, the edrpou attribute can indicate the user’s affiliation with a certain institution (such as a school, bank, or company).

A report administrator can write a query limiting the data sample to records containing the given attribute value. For example, this way you can restrict the report to the classes of the school that a specific official represents.

Authentication in the Redash service works through the Keycloak identity and access management service using the SOAP protocol in XML format. During authentication, all user attributes, including the edrpou attribute, are transferred from Keycloak to Redash via the token.

Attributes become readable in Redash using placeholders in the following format: [[<attributeName>]].

For example, edrpou = '[[edrpou]]'.

2. Creating a query in Redash

To limit the selection by the edrpou attribute, you need to know the user’s EDRPOU code. It must be specified as the edrpou attribute in the Keycloak service.

Create a new query:
  1. Sign in to the Redash admin interface (redash-admin).

  2. Open the Queries section and click New query.

  3. Write a query to retrieve data from a corresponding view table.

    Example 1. Querying the registry.report_laboratory_v table

    SELECT * FROM registry.report_laboratory_v
    WHERE edrpou = '[[edrpou]]'

  4. Click the Execute button.

    As a result, the system returns data that matches the attribute you specified.

For details on creating analytical reports in Redash, see Task 6. Developing analytical reports.
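
The following added example is a model of the [[<attributeName>]] substitution applied to the Example 1 query. It is not the platform's or Redash's own code. It assumes an edrpou value of 8 or 10 digits and uses constructed rows in an in-memory SQLite database; the function names are hypothetical. Because the value lands inside a quoted SQL literal, the model refuses to run the report when the attribute is missing or malformed.

```python
import re
import sqlite3

PLACEHOLDER = re.compile(r"\[\[(\w+)\]\]")
# Assumption: an edrpou value is 8 digits (10 for an individual's tax number).
VALIDATORS = {"edrpou": re.compile(r"[0-9]{8}|[0-9]{10}")}

QUERY = ("SELECT name FROM registry.report_laboratory_v "
         "WHERE edrpou = '[[edrpou]]' ORDER BY name")


def resolve_placeholders(query, attributes):
    """Replace each [[name]] with the token attribute, failing closed."""
    def substitute(match):
        name = match.group(1)
        value = attributes.get(name)
        validator = VALIDATORS.get(name)
        if value is None:
            raise ValueError(f"token carries no '{name}' attribute")
        # The value ends up inside a quoted literal, so only a strictly
        # validated string is ever substituted.
        if (not isinstance(value, str) or validator is None
                or not validator.fullmatch(value)):
            raise ValueError(f"attribute '{name}' has an unexpected format")
        return value
    return PLACEHOLDER.sub(substitute, query)


def build_sample_registry():
    """Constructed rows standing in for registry.report_laboratory_v."""
    db = sqlite3.connect(":memory:")
    db.execute("ATTACH DATABASE ':memory:' AS registry")
    db.execute(
        "CREATE TABLE registry.report_laboratory_v (name TEXT, edrpou TEXT)")
    db.executemany(
        "INSERT INTO registry.report_laboratory_v VALUES (?, ?)",
        [("Lab A", "11111111"), ("Lab B", "22222222"), ("Lab C", "11111111")],
    )
    return db


def run_report(db, token_attributes):
    """Resolve the placeholders, then run the report for this user."""
    sql = resolve_placeholders(QUERY, token_attributes)
    return [row[0] for row in db.execute(sql)]


if __name__ == "__main__":
    print(run_report(build_sample_registry(), {"edrpou": "11111111"}))
```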