Row-level security (RLS) is a BI feature that automatically filters the data a user sees based on who they are — without requiring separate reports for each person. Two users can open the identical report and see completely different data: a sales rep sees only their accounts, a regional manager sees only their region, a client sees only their own records. The filter is applied at query time, invisibly, based on the user's identity.
It's one of the most operationally important features in business intelligence, and one of the most frequently gated behind expensive tiers. This chapter covers what RLS actually is, the problem it was designed to solve, and the scenarios where not having it creates real risk.
Row-level security (RLS) is a mechanism that restricts which rows of data a user can see when they query a database or run a report. The restriction is applied automatically based on user identity — the user doesn't filter manually, and they can't see data outside their permitted scope even if they try. Also called data-level security or record-level security depending on the platform.
The Problem RLS Solves
Before row-level security existed in BI tools, the standard approach to data isolation was to build separate reports for each user or group. A company with 20 regional managers would maintain 20 versions of the same sales report — one filtered for each region. Every time the report changed, someone updated it 20 times. Every time a manager changed regions, someone rebuilt the filter. It was unsustainable at any meaningful scale.
The alternative — giving everyone access to all the data and trusting them to filter it themselves — is obviously not appropriate when the data includes anything sensitive: client financials, patient records, employee compensation, or competitive account data.
RLS resolves both problems. You build the report once. The security policy attached to that report determines what each user sees when they run it. The regional manager in the Southeast opens the report and sees Southeast data. The national sales director opens the same report and sees everything. Neither user configures anything — the system handles it based on their identity.
The Three Scenarios Where RLS Is Non-Negotiable
Sharing Dashboards with External Users (Clients, Partners, Franchisees)
The moment you share a dashboard with someone outside your organization, you need data isolation. A marketing agency delivering client dashboards cannot have Client A's data visible to Client B — that's a trust violation and potentially a contract violation. A franchisor sharing operational dashboards with franchisees cannot expose one location's performance data to another. A SaaS company embedding analytics in their product cannot show Customer A's usage metrics to Customer B.
In all of these cases, the same underlying reports can serve every external user — but only with RLS enforcing per-user or per-group data boundaries. Without it, you're either building separate instances per client (not scalable) or accepting that all external users see all data (not acceptable).
Internal Data Segmentation Across Departments or Roles
Within a single organization, data access requirements often vary significantly by role. Sales reps should see their own pipeline, not their colleagues'. HR should access compensation data without that data being available in the general BI environment. Regional managers should see their region's KPIs without having visibility into other regions' performance data — which they'd use to make political arguments in leadership meetings rather than manage their own business.
This isn't just about restricting access for security reasons. It's about showing people the data that's relevant to their job, and not overwhelming them — or creating friction — with data that isn't.
Multi-Tenant Environments (SaaS, Managed Services, Hosting)
If you're a SaaS company, MSP, or any business running a shared infrastructure serving multiple customers, you almost certainly have data from different customers in the same database tables. Row-level security is the mechanism that ensures each customer sees only their own records. Without it, you either need separate database instances per customer (expensive and operationally complex) or you're relying on application-layer filtering that can have gaps.
For these environments, RLS isn't a feature — it's an architectural requirement. Sharing a database across tenants without RLS in place is a data breach waiting to happen.
Row-Level vs. Column-Level Security — What's the Difference?
These two are frequently confused but solve different problems.
Row-level security controls which records (rows) a user can see. The sales rep sees their 47 accounts; the sales director sees all 1,200. Both see the same columns — account name, revenue, status — but the set of rows returned differs based on who's asking.
Column-level security controls which fields (columns) are visible at all. A manager might see employee salary data; a peer-level user viewing the same employee table sees everything except the salary column. The row is there, but certain fields are hidden entirely.
In practice, most BI deployments that need one eventually need both. A healthcare BI deployment might use RLS to show each provider only their patients, and column-level security to ensure that certain diagnosis codes are only visible to clinical staff, not billing staff viewing the same records.
DashboardFox implements both through its data security framework — row filtering via Data Tags (covered in Chapter 4) and column-level visibility controls as a separate layer. Both are available starting at the $99/month Starter tier. For a full overview of the security architecture, see the DashboardFox Security page.
What RLS Does Not Do
It's worth being clear about the scope. Row-level security controls data visibility within a report or dashboard — it does not control which reports a user can see in the library, which dashboards they have access to, or what actions they can take (edit, export, share). Those are handled by role-based access controls and folder/report-level permissions, which are a separate layer of security.
A complete BI security implementation typically involves four layers: authentication (who can log in), access control (which reports they can see), role-based permissions (what they can do), and data-level security (which records they see when they run a report). RLS is that fourth layer. You need all four for a complete picture.
Why Some Teams Think They Don't Need It (And Why They're Usually Wrong)
The most common reason teams skip RLS implementation is that they start with a small, trusted internal audience. Everyone on the analytics team can see everything, and that's fine. The problem is that BI deployments almost always expand. The tool that starts as an internal analytics platform becomes the system used to share data with a client who asks for their own view. The internal sales dashboard gets extended to include reps who shouldn't see each other's pipeline. The managed service provider adds a second customer to their DashboardFox account and suddenly needs to ensure the two can't see each other's data.
Building RLS in from the start costs almost nothing operationally. Retrofitting it after the fact — when you already have a library of reports built without data isolation in mind — is substantially more work. The architecture decisions you make when you have two users affect how cleanly you can scale to two hundred.
What is row-level security?
Row-level security (RLS) is a BI feature that automatically restricts which rows of data a user sees when they run a report, based on their identity. Two users can open the same report and see completely different data — without manually filtering. The filter is applied at query time by the BI system, not by the user.
Is row-level security the same as data-level security?
The terms are used interchangeably in most contexts. Data-level security is the broader category — it includes row-level security (filtering which records are returned) and column-level security (hiding specific fields). When BI vendors say "data-level security," they almost always mean row-level security is part of the feature set.
Do I need row-level security if my team is small?
Team size isn't the deciding factor. The question is who you're sharing data with and whether those users should see each other's records. A five-person agency sharing client dashboards with ten clients absolutely needs RLS. A hundred-person internal team where everyone should see everything might not. The deciding factor is data isolation requirements, not headcount.
What's the difference between row-level security and role-based access control?
Role-based access control (RBAC) determines which reports and dashboards a user can see in the BI library. Row-level security determines which data they see when they run one of those reports. RBAC answers "can this user access this report?" — RLS answers "given that they can access it, what data should they see when they run it?" Both layers are needed for complete security.
