Using custom SSO attributes in row level security ( RLS )

We are trying to enable RLS on a number of dashboards. Looking to leverage employee ID which can be pulled through from Okta SAML. How can I add additional user attributes that map to the employee ID?

At this point, your authorization details per user would need to be in a CDW table. You would use CurrentUserEmail() to get the email of the logged on user, then pass it as a source parameter to your SQL, and then would build a SQL statement around that to filter out anyone else’s data.

That means that your CDW must have a table, that has an email address of each Sigma user, mapped to whatever field that controls row level security access to your data.

For example, if different Sigma users need to see some accounts, then this table would look like:
table account_rls:
Column: sigma_user_email
Column: account_id

and all your account queries would need to be inner joined to this table, with CurrentUserEmail() passed as a source parameter to the WHERE clause:

SELECT a.*
FROM accounts a JOIN
account_rls r on a.account_id = r.account_id
WHERE
r.sigma_user_email = {CurrentUserEmailSourceParm}

In the worksheet, you would create a source parameter CurrentUserEmailSourceParm and set it to CurrentUserEmail().