Skip to main content
User attributes allow you to map user-specific variables to Omni operations, such as querying, dashboarding, and data access. These attributes can be used in dashboard filters or workbooks or to filter embedded content.

​
User attribute basics

Yes. User attributes can be used in a few ways to control data access:
  • Access filters, which allow you to restrict the rows of data a user can access within a topic. Access filters apply the values assigned on a user attribute to the WHERE clause of every SQL query a user runs, filtering out to only the data designated to that user:
    Filter by brand_name
    access_filters:
  - field: products.brand
    user_attribute: brand_name
    values_for_unfiltered: [all_brands]
    enable_sql_like_wildcards: true
  • Access grants, which define topic- and field-level permissions. Omni will map a user’s attribute value to a corresponding allowed value and determine if the user has the necessary permissions to access that topic or field:
    Grant access for user group
    access_grants:
  blob_sales_access:
    user_attribute: "omni_user_groups"
    allowed_values: ["Blob Sales"]
    access_boostable: false
  • Fields. User attributes can be referenced in fields using Mustache syntax, for example: {{ omni_attributes.<attribute-name> }}. This construct can be used to:
    • Provide conditional access to a field, or
    • To hash a field based on a user attribute. This can be done by using a CASE statement in the SQL definition for a field. For example, the following name_hidden and name_hashed examples demonstrate how to use user attributes to hide or hash a name field as an alternative to using access grants to remove access entirely:
      Hide or hash field based on user attribute
      name:
  sql: ${users.full_name}

name_hidden:
  sql: |+
    CASE 
      WHEN {{omni_attributes.see_names}} = 'true'
      THEN ${users.name}
      ELSE 'No Access'
    END

name_hashed:
  sql: |+
    CASE 
      WHEN {{omni_attributes.see_names}} = 'true'
      THEN ${users.name}
      ELSE MD5(${users.name})
    END
Yes. User attributes can be used to parameterize the connection queries run against while in an Omni branch. Refer to the Dynamically switching database environments guide for more information and setup steps.
Yes. There are a few ways to do this:
  • Dashboard Markdown tiles. You can use user attributes in dashboard Markdown tiles with Mustache syntax. For example, {{metadata.userAttributes.<user_attribute>.values}} would return the value of the specified user attribute.
  • Dashboard deliveries. User attributes can be used to personalize deliveries, including messages (where supported) and the data included in the delivery.
Yes. Refer to the Default system attributes section for more information.

​
Creating user attributes

Organization Admin permissions are required to create new custom attributes.
To define a new user attribute, click the New Attribute button on the Attributes admin page. Each user attribute has the following settings:
  • Name: The name of the user attribute, how it will be displayed in the UI
  • Reference: How the attribute will be referenced in code, such as in the model
  • Type: Used to check that valid values are assigned to users. String and Number data types are allowed.
  • Multiple values: Specifies whether multiple values can be assigned to a user for this attribute
  • Description: Explanation of the attribute or how it will be used
  • Default value: Optionally, set a default value that all users will inherit if a value is not directly assigned to them
    Do not set a default value for attributes that are used in access filters or access grants. You could unintentionally grant access to data this way.

​
Assigning values to individual users

After defining a user attribute, assign a value for each user:
  1. Click the Users tab.
  2. Click Edit Value for the user you want to assign the value to.
  3. Enter the new value:
  4. Click Save.
After updating, the Source field will show whether the value is the default value or if it was set specifically for the user.

​
Default system user attributes

Omni’s default user attributes will be marked with a System badge in the Settings > Attributes page.
​
omni_is_org_admin
boolean
If true, the user is an Organization Admin.
​
omni_user_email
string
The user’s email address.
​
omni_user_embed_entity
string
The user’s embedded entity name. For example, Blobs R Us
​
omni_user_groups
string
The user groups that the user is a member of. The value will be a comma-separated list of user group names, for example Blob Sales, Blob Marketing
​
omni_user_id
string
A unique identifier for the user. For example, 91abbe19-b0de-4537-bc62-cec1d95420c9
​
omni_user_locale
string
The user’s locale code, such as en-US or fr-FR.
​
omni_user_name
string
The user’s name. For example, Blob Ross or Blobby Parton
​
omni_user_timezone
string
The user’s timezone, which is set using the Query timezone setting on the user’s profile. For example, UTC or America/Los_Angeles