You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/06/09 17:57:46 UTC

[GitHub] [superset] prachir1501 opened a new issue #15066: Permissions issue with superset- DataSource

prachir1501 opened a new issue #15066:
URL: https://github.com/apache/superset/issues/15066


   We need help with permisions for our superset usecase. We want each user to upload csv to default database but other users should not see that csv table. Here is high level permission that we want to setup:
   
   - create new data source
   - create new chart
   - create new dashboard
   - cannot see other users data source
   - cannot see other users chart
   - cannot see other users dashboard
   - can upload csv only to data source that he/she created
   
   A problem which arose was with the charts when we use same database, different gamma users can see the tables created by other users when selecting a table for chart, on the Create Chart page.
   
   Should we have new database for every user to achive that? Can it be achieved using same default data source for every user?
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] russmatney commented on issue #15066: Permissions issue with superset- DataSource

Posted by GitBox <gi...@apache.org>.

russmatney commented on issue #15066:
URL: https://github.com/apache/superset/issues/15066#issuecomment-888445724


   I think this is the same issue as described here: https://github.com/apache/superset/issues/13944 This is definitely a problem, and a blocker for use cases where users shouldn't be able to see each other's data sources.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] russmatney commented on issue #15066: Permissions issue with superset- DataSource

Posted by GitBox <gi...@apache.org>.

russmatney commented on issue #15066:
URL: https://github.com/apache/superset/issues/15066#issuecomment-888458262


   @prachir1501 nice - thanks for sharing. Probably something similar could prevent exposing all the users to each other as well (https://github.com/apache/superset/issues/15026).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] prachir1501 edited a comment on issue #15066: Permissions issue with superset- DataSource

Posted by GitBox <gi...@apache.org>.

prachir1501 edited a comment on issue #15066:
URL: https://github.com/apache/superset/issues/15066#issuecomment-888453718


   I have figured out a workaround as follows (for the charts) -
   In the file `superset/lib/python3.6/site-packages/superset/views/chart/views.py`,
    we can modify the add function as follows-
    This would make sure user only sees charts created by the user only
   ```
   def add(self) -> FlaskResponse:
       from flask import g
       from superset.views.utils import bootstrap_user_data
       temp = ConnectorRegistry.get_all_datasources(db.session)
       temp2 = []
       for d in temp:
           if(str(d.created_by) == str(g.user)):
               temp2.append(d)
   
       datasources = [
           {"value": str(d.id) + "__" + d.type, "label": repr(d)}
           for d in temp2
       ]
   
       payload = {
           "datasources": sorted(datasources, key=lambda d: d["label"]),
           "common": common_bootstrap_payload(),
           "user": bootstrap_user_data(g.user),
       }
       return self.render_template(
           "superset/add_slice.html", bootstrap_data=json.dumps(payload)
       )
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] prachir1501 commented on issue #15066: Permissions issue with superset- DataSource

Posted by GitBox <gi...@apache.org>.

prachir1501 commented on issue #15066:
URL: https://github.com/apache/superset/issues/15066#issuecomment-888453718


   I have figured out a workaround as follows (for the charts) -
   In the file `superset/lib/python3.6/site-packages/superset/views/chart/views.py`,
    we can modify the add function as follows-
   ```
   def add(self) -> FlaskResponse:
       from flask import g
       from superset.views.utils import bootstrap_user_data
       temp = ConnectorRegistry.get_all_datasources(db.session)
       temp2 = []
       for d in temp:
           if(str(d.created_by) == str(g.user)):
               temp2.append(d)
   
       datasources = [
           {"value": str(d.id) + "__" + d.type, "label": repr(d)}
           for d in temp2
       ]
   
       payload = {
           "datasources": sorted(datasources, key=lambda d: d["label"]),
           "common": common_bootstrap_payload(),
           "user": bootstrap_user_data(g.user),
       }
       return self.render_template(
           "superset/add_slice.html", bootstrap_data=json.dumps(payload)
       )
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org