This series focuses on our partnership with ThoughtSpot, its valuable data solutions and the value we provide to clients as a team.
Welcome to part four of our introductory series on ThoughtSpot. We at InterWorks are very excited about ThoughtSpot, and we would love to help you and your organization understand how ThoughtSpot can help you in your data and analytics journey. If you missed the prior three parts, you’ll want to visit them before reading this blog. We are nearing the end of this intro, so you’ll want to make sure you have a grasp on the foundational content first.
As we talked about last time, setting up your data correctly is critical for ThoughtSpot to be effective for your organization. Today, we are going to dive deeper into the data layer in ThoughtSpot.
Enterprise Data Strategy with ThoughtSpot
ThoughtSpot has always been ready for supporting an enterprise data strategy. Data objects like tables, worksheets and views can be shared with groups or individual users, thereby customizing who has access to what data sources. Let’s take a look at a specific example here: In our demo environment, we have user K (that’s me 😊 ) and user I, our InterBurger Franchisee User. User K is a master user, domain admin or owner of the data and should see all data in our given dataset. User I only should see select columns made available to them since they have limited permissions.
This is a typical use case in data management across organizations. In most BI tools, you have to create AND manage two datasets to support this. I emphasize manage because I know in my prior life, we always underestimated the management or maintenance of an additional dataset. Then one day, you look up and have to change 47 datasets because one column changed in the source system. But back to our example … This dataset is flight data for all U.S. flights from 1992 to 2016. User K (yours truly) can see all the columns:
But User I can only see a subset of the data:
We accomplish this through the sharing of the worksheet. The first Flight Worksheet is shared with the Admin Group, but the second one with 11 columns is shared with the Franchisee Group, of which User I is a member:
Both of these worksheets hit the same master table, which queries the same Snowflake view. So any change to Snowflake or the master table in ThoughtSpot (V_Flights) only has to be changed once, and those changes will cascade down to the worksheets automatically. I only had to create a second worksheet for the Franchisee, or User I, that limited their column access.
This is a powerful and easy way to manage data at an enterprise level for self-service analytics.
Row-Level Security for Data Management
Let’s look at another common example in managing data for reporting and analytics: row-level security.
We’ll revisit our example. User I can only see Delta flights, but User K can see the entire dataset. How do we do this? At the table level. There are built-in functions (ts_username and ts_groups) to identify a user or their group membership. Row-level security should be established at the highest level possible in order to simplify maintenance and management, so I recommend using ts_groups as much as is feasible. However, there are many use cases where the username itself makes sense—think about a restaurant owner only seeing their data, a financial analyst only seeing their accounts or an executive only seeing her direct reports and departmental information. Ts_username is perfect for building logic like this.
For our example, we use ts_Groups and are looking at a group on our server called Franchisee Group, then we look for the airline to be Delta and return true for those rows and false for the others.
Note: All row-level security calculations need to return a true or false statement.
In ThoughtSpot, we have to nest the if then logic as we cannot yet have an AND statement in RLS, so our function looks like this:
if (ts_groups =‘Franchisee Group’ ) then if(airlinename =‘Delta Air Lines Inc.: DL’ ) then true else false else true
The result of this will show our search for User K:
… and the search for User I:
It is possible to have multiple row-level security on a table. In doing this, ThoughtSpot will treat each one like an OR statement. This allows for different levels of granularity. There may be some special users that need to have special permissions outside their normal group. Multiple rules will allow for this:
The Path to Your Best Analytics with ThoughtSpot
Our last entry in this ThoughtSpot blog series will be about ThoughtSpot Everywhere and embedded analytics using Curator by InterWorks. We will have additional blog write-ups on other critical ThoughtSpot topics like TML, functions and calculations, evaluating SQL and performance, so stay tuned for more ThoughtSpot content on the horizon. And in the meantime, if you plan on attending on ThoughtSpot Beyond 2022, be sure to stop by our booth or check out one of our sessions.
If you have questions about ThoughtSpot, or any other data management solutions or strategy, we’d love to talk! Catch us at Beyond or contact us here, and let’s begin mapping out your road to analytics success.