Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2022/05/21 19:40:55 UTC

[GitHub] [superset] altef commented on pull request #8699: [SIP-29] Add support for row-level security

altef commented on PR #8699:
URL: https://github.com/apache/superset/pull/8699#issuecomment-1133757981

   @shenrie If I recall correctly (and this may be out-of-date), it's on a table _but not by table name_ - a [table](https://github.com/altef/incubator-superset/blob/5eeb296223dbd25e0fbca8386faee152e4402499/superset/connectors/sqla/models.py#L341) entry in Superset, which has a reference to a specific [database](https://github.com/apache/superset/blob/master/superset/models/core.py#L109).
   
   I've had luck doing that sort of thing from outside Superset. For example, if I had a script that added the database and tables to Superset, I might have it set the RLS rules for any table called `users`. This of course doesn't help at all if you're adding them manually. Thankfully I was able to settle on a simple, consistent rule that could be set and never adjusted by restricting data by user ID based on a convention I maintain on the DB side. It was in the vein of:
   
   ```sql
   data_group_id IN (
   	SELECT data_group_id FROM users_to_data_groups 
   	WHERE user_id={{ cache_key_wrapper(current_user_id()) }}
   )
   ```
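
How a clause like the one in the comment behaves once it is applied as a row filter, shown as an added example that is not part of altef's comment or Superset's code. It runs against an in-memory SQLite database with constructed data; the `reports` table, the sample rows, and `render_rls_clause` (a stand-in for the `{{ cache_key_wrapper(current_user_id()) }}` macro) are assumptions.

```python
import sqlite3

# The clause from the comment, with the Jinja macro replaced by a placeholder.
RLS_CLAUSE = """data_group_id IN (
    SELECT data_group_id FROM users_to_data_groups
    WHERE user_id={user_id}
)"""


def render_rls_clause(user_id):
    """Stand-in for template rendering: only an integer ID is ever spliced in."""
    if isinstance(user_id, bool) or not isinstance(user_id, int):
        raise TypeError("user_id must be an integer")
    return RLS_CLAUSE.format(user_id=user_id)


def build_demo_db():
    """Constructed data: the mapping table plus a hypothetical `reports` dataset."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users_to_data_groups (user_id INTEGER, data_group_id INTEGER);
        CREATE TABLE reports (id INTEGER PRIMARY KEY, title TEXT, data_group_id INTEGER);
        INSERT INTO users_to_data_groups VALUES (1, 10), (1, 20), (2, 20);
        INSERT INTO reports VALUES
            (1, 'emea-q1', 10), (2, 'apac-q1', 20),
            (3, 'board-only', 30), (4, 'untagged', NULL);
    """)
    return conn


def visible_report_ids(conn, user_id):
    """Run the dataset query with the RLS clause as a parenthesised WHERE predicate."""
    sql = f"SELECT id FROM reports WHERE ({render_rls_clause(user_id)}) ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    db = build_demo_db()
    for uid in (1, 2, 3):
        # User 3 has no mapping rows, so the subquery is empty and nothing matches.
        print(uid, visible_report_ids(db, uid))
```

Rows with a `NULL` or unmapped `data_group_id` are hidden from every user, so a dataset that misses the convention fails closed rather than open.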
   
   
   

