Dynamic User Filtering
Use dynamic row-level security to show different data to different embed users based on a client_id parameter.
Dynamic user filtering lets you control which data each embed user sees by passing a client_id value in the embed URL. This is useful when you have a multi-tenant database and want each customer to only see their own data.
Dynamic user filtering is available on the Enterprise plan only.
How It Works
- You enable Dynamic Row-Level Security in your embed settings
- You add a
client_idparameter to the embed URL for each customer - When an embed user queries a shared SQL connector, Formula Bot automatically filters results to only show rows matching that user's
client_id
This means you can use a single embed configuration across all your customers — each one sees only their own data.
Setup
1. Enable Dynamic RLS
- Go to Embeddings in the sidebar
- Select your embed
- Expand the Dynamic Row-Level Security section in Settings
- Toggle it on
2. Prepare Your Database
Your SQL database table(s) need a column that identifies which customer owns each row. Common column names:
client_idtenant_idorganization_idcompany_id
For example, if you have an orders table:
| id | client_id | product | amount |
|---|---|---|---|
| 1 | acme-corp | Widget A | 500 |
| 2 | acme-corp | Widget B | 300 |
| 3 | globex | Widget A | 750 |
3. Add client_id to Your Embed URL
When embedding Formula Bot on your site, append the client_id query parameter:
<iframe
src="https://analytics.formulabot.com/embed/YOUR_EMBED_ID?client_id=acme-corp"
width="100%"
height="100%"
frameborder="0"
></iframe>
For dynamic sites, set the client_id value programmatically based on the logged-in user:
const embedUrl = `https://analytics.formulabot.com/embed/YOUR_EMBED_ID?client_id=${currentUser.companyId}`;
document.getElementById('embed-frame').src = embedUrl;
4. How Filtering Works
When an embed user asks a question like "Show me all orders", Formula Bot automatically adds a WHERE client_id = 'acme-corp' filter to the SQL query. The user never sees data from other clients.
- The
client_idvalue is captured when the user first visits the embed and stored in their profile - All subsequent queries are automatically filtered
- Users cannot override or bypass the filter
Testing
You can test dynamic filtering from the embed dashboard:
- Go to Embeddings and select your embed
- In the Users section, enter a
client_idvalue in the "Test with client_id" field - Click Test to copy the test URL
- Open the URL in an incognito window
- Query your data to verify only matching rows appear
Try different client_id values to confirm each customer sees only their data.
Column Matching
The filter matches against a column called client_id in your database tables. If your column has a different name, you can create a view that aliases it:
CREATE VIEW orders_view AS
SELECT *, tenant_id AS client_id FROM orders;
Then share the view as a connector instead of the raw table.
Security Considerations
- URL parameter security: The
client_idis passed in the URL. Ensure your application sets this server-side based on authenticated user data — don't let end users modify it - Column existence: If a table doesn't have a
client_idcolumn, the filter won't apply to that table. Be mindful of which tables you expose - Read-only access: Shared connectors are always read-only, so embed users cannot modify data regardless of filtering
Always verify your filtering is working correctly before going live. Use the Test feature with different client_id values to confirm data isolation.
Next Steps
- Users & Connectors - Manage embed users and shared connectors
- Customization - Configure embed appearance