[GitHub] [superset] pl77 commented on issue #12910: Giving access based on Dashboards instead of Datasources.

[GitBox <gi...@apache.org>]

pl77 commented on issue #12910:
URL: https://github.com/apache/superset/issues/12910#issuecomment-772825105


   @amitmiran137 This sounds complex.  If a person has access to the dashboard it would seem that they pretty much already have access to the data source, do they not?  I guess, from my side, if I wanted to prevent users from accessing various columns or records within a table/database I'd just generate a separate materialized view or other temporary table with the permissible data and give the users full access to that instead.  Otherwise it feels like I'll be playing an endless game of whack-a-mole trying to plug various holes to prevent users from tweaking their AJAX calls and grabbing the whole illicit data set. 
   
   Anyway, I'll be watching this closely as it might minimize some of my data-post-processing efforts if I can set stronger permissions on data subsets.  


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org