Hey all,
I’m trying to figure out if there’s any way to implement RLS/CLS in Looker without relying on user attributes.
Right now, I’m already using a group-based approach where group values (like client or opco) are tied to user attributes, and then access filters control what data’s visible. It works — but I’m worried about scale.
My environment has lots of clients, and within those clients, we’ve got multiple and deeper structures. So with this setup, I’m looking at potentially hundreds of user attributes just to cover all access rules — and that’s not something I want to maintain long-term.
Is there a way to still keep it secure and dynamic, but avoid the mess of managing tons of user attributes?
Appreciate any ideas or approaches.