You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2019/11/24 04:03:27 UTC
[GitHub] [incubator-superset] justin-barton opened a new issue #8644:
[SIP-29] Add support for row-level security
justin-barton opened a new issue #8644: [SIP-29] Add support for row-level security
URL: https://github.com/apache/incubator-superset/issues/8644
## [SIP-29] Proposal to add support for row-level security
### Motivation
Many BI applications, particularly in multi-tenancy scenarios, require support for row-level security. That is, the ability to show different slices of a table to users based on some user attribute.
This feature has been requested in Superset several times, including:
https://github.com/apache/incubator-superset/issues/660
https://github.com/apache/incubator-superset/issues/5128
https://github.com/apache/incubator-superset/issues/7887
https://github.com/apache/incubator-superset/issues/8023
### Proposed Change
Primarily, this feature would require two sub-features:
1. The ability to add user attributes
2. The ability to filter queries based on these attributes
The proposed solution would be to add an 'attributes' property to roles that would essentially be a user-defined key-value store:
<img width="1239" alt="Screenshot 2019-11-24 02 35 54" src="https://user-images.githubusercontent.com/48782327/69489249-cb66f300-0e6c-11ea-9be2-905a25d2548f.png">
and to make those role attributes available as values for Query Filters:
<img width="1237" alt="Screenshot 2019-11-24 02 38 26" src="https://user-images.githubusercontent.com/48782327/69489261-f2252980-0e6c-11ea-90d8-658b24fd82d3.png">
### New or Changed Public Interfaces
- New 'attributes' property added to roles
- Changes to Query Filters to allow access to attribute values (e.g by macros like WHERE column={{role.attributes.key}}
- Minor UI changes associated with the above
### New dependencies
N/A
### Migration Plan and Compatibility
TBD
### Rejected Alternatives
Pre-processing data into multiple tables or views:
- This solution does not scale well, and requires all attribute values to be known a priori
- Requires duplicate dashboards and charts
Reverse proxy
- Issues with identifying the user initiating the query
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org