Hi team, I want to implement RLS in Looker Studio. I’m currently using a GA4 direct data source. Is it possible to implement RLS in this setup?
After some research, I started using blended data sources: one table from GA4 and another from a Google Sheet that contains email and region information. I joined both tables based on the region field. However, I’m still unable to get RLS working in Looker Studio.
Row-Level Security (RLS) is not functioning in this setup because it must be enforced at the data source level, rather than within a blended data source. The native Google Analytics 4 (GA4) connector does not support identity-based filtering, meaning it cannot reference external data—such as a Google Sheets file containing user email mappings—to control row-level access.
Although it is technically possible to apply a “Filter by Email” on the Google Sheets portion of a blended data source in Looker Studio, this approach fails in practice. Looker Studio does not propagate that security filter to the GA4 connector. As a result, the GA4 dataset remains unfiltered, and the join cannot enforce secure row-level restrictions. This often leads to errors (e.g., “System Error”) or empty result sets.
To properly implement RLS, the GA4 data should be exported to BigQuery. Within BigQuery, you can create a SQL view that dynamically filters data based on the identity of the user accessing the report.
BigQuery enables user-level identification through the SESSION_USER() function, which returns the email address of the currently authenticated user. This allows you to enforce row-level filtering directly at the database level—before the data is exposed to Looker Studio.
For example:
SELECT *
FROMdemo_123.users
WHERE email = SESSION_USER()
This query ensures that each user only sees records associated with their own email address. If no matching records exist, the query will return no data, effectively enforcing access control.
Hope it will work for you,
Thank you.
