A Community Connector can enforce viewer's credentials for all data sources created from the connector.
Required reading
Data Studio reports can have one or more data sources attached to them. When a user creates a new data source from a connector, they can select whether the data source should use Owner's credentials or Viewer's credentials.
When you Access user identity properties, the effective user is based on who has authorized the connector.
- For data sources with Owner's credentials, the data source owner is the effective user. The data source owner authorizes the connector when they create the data source.
- For data sources with Viewer's credentials, the effective user is the report viewer. The report viewer will authorize the connector when they view a report.
Benefits
- You can ensure data confidentiality.
- Data access cannot be shared from one user to another.
- You can ensure users will only be able to see data relevant to them.
- It becomes easier for your users to create scalable dashboards.
Implementation steps
There are two steps to enforcing viewer's credentials for your connector:
- In your connector's manifest, set
dataStudio.forceViewersCredentialstotrue. See Manifest reference for details. - Depending on your use case, you can implement your access control logic. Ensure that only the relevant data for the report viewer is returned from the connector. See Access user identity properties to understand how your code can access the user identity/email address.