You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2022/03/23 19:05:25 UTC

[GitHub] [superset] vedangparasnis opened a new issue #19340: RowLevel Security Generation using Api

vedangparasnis opened a new issue #19340:
URL: https://github.com/apache/superset/issues/19340


   We have recently implemented Superset Security using OAUTH and custom roles. However, these custom roles are from different clients where we filter data for each client using a row level security based on his/her ssn id. So essentially we provide a row level security for all the roles with all the set of tables containing ssn id and the where clause value in rls is dynamically populated using jinja functions. 
   
   However, due to increasing complexity of our use case we want a cascading rls for the same role and filtering values with different Jinja functions.  Hence, we tried to generate rls using api rather to do it all via UI. 
   
   I tried to generate rls on fly that is controlled by our security manager, I tried with 2 endpoints for generations 
   1.  /rowlevelsecurityfiltersmodelview/add (sending a form data payload) [Note there is no CORS or unauthorized issue we are able to send request but the response is not a valid payload ]
      The Error message is [Not a Valid Choice] with some html markup in response.
   
   2. /rowlevelsecurityfiltersmodelview/api/create (sending application/json payload the response this time is as follows)  
    
   ![image](https://user-images.githubusercontent.com/35874709/159775275-aa0fe7a5-38d8-454f-8bc3-eb2be629704d.png)
   
   
   #### How to reproduce the bug
   
   Generation via the rls api
   1. Go to  ${superset_host}/rowlevelsecurityfiltersmodelview/api/create with the json payload similar to the row level security form payload    rowLevelPayload = {
       clause: 'participant_id = {{ current_role_JinjaFilter() }}',
       filter_type: "Regular",
       tables: [all the set of tables to be added],
       group_key: null 
      roles:: [all the role id the filter to be applied]
     }
   Generation via the rls form post request 
    Go to  ${superset_host}/rowlevelsecurityfiltersmodelview/add with the form data payload similar to the row level security add form payload   
   6. See error message as mentioned in the image above
   
   ### Expected results
   
   I expected a rls security can be added via api in the same way it is done using UI
   
   ### Actual results
   
   Error Message (Validation Error message) in response.
   
   #### Screenshots
   
   Attached ScreenShots above of the Error
   
   ### Environment
   
   (please complete the following information):
   
   - latest version of chrome
   - superset version: latest version
   - python version: 3.8.2
   - node.js version: 14
   - any feature flags active: ROW_LEVEL_SECURITY=True
   
   
   - [ Y] I have checked the superset logs for python stacktraces and included it here as text if there are any.
   - [Y ] I have reproduced the issue with at least the latest released version of superset.
   - [ Y] I have checked the issue tracker for the same issue and I haven't found one similar.
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] vedangparasnis commented on issue #19340: RowLevel Security Generation using Api

Posted by GitBox <gi...@apache.org>.

vedangparasnis commented on issue #19340:
URL: https://github.com/apache/superset/issues/19340#issuecomment-1076718989


   Any Help would be helpful, needed it urgently due to strict project timelines. 
   Thanks in advance.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] srinify commented on issue #19340: RowLevel Security Generation using Api

Posted by GitBox <gi...@apache.org>.

srinify commented on issue #19340:
URL: https://github.com/apache/superset/issues/19340#issuecomment-1076837195


   Thanks for opening this issue Vedang. Participation in Github issues is opt-in and Superset is an open source project not owned by any company, so just a heads up that it might be a while before this bug is validated / replicated and fixed!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org