Samira-El opened a new pull request, #20114: URL: https://github.com/apache/superset/pull/20114
### SUMMARY In order to mitigate sensitive data leaking to less-privileged users when they load a cached dashboard/chart, this PR enables caching per user when a database has impersonation enabled. In our setup, we delegate permissions to database (Snowflake via OAuth) and we don't want to create and maintain another layer of ACLs in Superset. Discussion on this on [slack](https://apache-superset.slack.com/archives/C7G8CG0LR/p1572450733117200). This is an initial solution, happy to adjust it as per maintainers' feedback. ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF <!--- Skip this if not applicable --> ### TESTING INSTRUCTIONS <!--- Required! What steps can be taken to manually verify the changes? --> Run this in a setup where caching is enabled and there is a datasource that allows user impersonation. ### ADDITIONAL INFORMATION <!--- Check any relevant boxes with "x" --> <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue --> - [ ] Has associated issue: - [ ] Required feature flags: - [ ] Changes UI - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351)) - [ ] Migration is atomic, supports rollback & is backwards-compatible - [ ] Confirm DB migration upgrade and downgrade tested - [ ] Runtime estimates and downtime expectations provided - [ ] Introduces new feature or API - [ ] Removes existing feature or API -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
