[GitHub] [superset] rumbin commented on issue #14970: User Impersonation is not working for Alert Condition in Alerts

[GitBox <gi...@apache.org>]

rumbin commented on issue #14970:
URL: https://github.com/apache/superset/issues/14970#issuecomment-1018806600


   Confirming this for Superset 1.4.
   
   The queries for taking the snapshots of the dashboards are correctly run with user impersonation as user `admin`, which, I think, is the intended behavior.
   
   However, when the alert condition query is run, the username that is passed as second argument into the `DB_CONNECTION_MUTATOR` is the username that is configured in the basic/unmutated connection string of the DB connection.
   
   Not an expert here, but I have the feeling that the Security Manager is not being used for issuing the alert query. Or at least, the user impersonation is not being applied.
   
   In our case we are working around this issue by using `admin` as the username in the original connection string. This way we achieve that both the alerting query and the snapshotting are passing the same username to the connection mutator. This way we can treat them both the same way.
   
   However, I still feel that this in an improper implementation.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org