frlm opened a new issue, #25351:
URL: https://github.com/apache/superset/issues/25351

   *Please make sure you are familiar with the SIP process documented*
   [here](https://github.com/apache/superset/issues/5602). The SIP will be numbered by a committer upon acceptance.
   
   ## [SIP] Proposal for API Row Level Security: get rls by username or roles via API
   
   ### Motivation
   
   I have created the following SIP to give the client side the possibility to generate an embedding request by retrieving the row level securities defined on the UI page. Example of setting:
   
   
![image](https://github.com/apache/superset/assets/95374244/7f0a5830-f6ea-4322-80ac-01f51d131a2b)
   
   
   Given either the username of the user or the role already defined on Apache Superset, the API returns the list of RLS to be provided to the body of the endpoint _**/api/v1/security/guest_token/**_:
   
   
![image](https://github.com/apache/superset/assets/95374244/126d664f-8900-4eb8-830a-318e6d258f7d)
   
   
   Otherwise, the client making the request must know in advance the settings provided at the user interface level. The following endpoints generate output considering the filter type (Basic / Regular) and the presence or absence of the Group Key. Right now a user who does not provide an rls, but only the default value **[ ]**, can display all the data within the dashboard; in my case I needed to manage the display of the type of data with respect to the user requesting the embedding. The output of the request will be a list of dictionaries with "clause" and "dataset" as keys, e.g.:
   
   ~~~
   [{"clause":"(province = 'AG')","dataset":25},{"clause":"(gender = 'boy')","dataset":2}]
   ~~~
   
   If the different rls filters associated with the requested user or role have the same group key, the filters associated with the same dataset will be merged using the OR condition, e.g.:
   
   ~~~
   [{"clause":"(province = 'AG') OR (province = 'SI')","dataset":25}]
   ~~~
   
   ### Proposed Change
   
   
   
![image](https://github.com/apache/superset/assets/95374244/91070ef5-0ccf-4591-8006-934d8336ae16)
   
   I created two new endpoints:
   
   - /api/v1/security/get_rls_by_username/ 
   - /api/v1/security/get_rls_by_role/
   
   that retrieve users, roles, tables and rls from Metadata tables (using the SQLAlchemy package), convert all filters of type Base to Regular and aggregate the filters with respect to the defined group key value, obviously considering only the row level securities enabled on that specific user or role.
   
   ### New or Changed Public Interfaces
   
   As mentioned above, I created two new endpoints of type Security, documented 
within the swagger page:
   
   
![image](https://github.com/apache/superset/assets/95374244/17b3706e-b629-4851-b84b-2ab6a648c493)
   
   
   
![image](https://github.com/apache/superset/assets/95374244/a514b35f-d6c4-4094-9046-1046b54c0c68)
   
   ### New dependencies
   
   No additional Python package needs to be installed.
   
   ### Migration Plan and Compatibility
   
   No database migrations are necessary, or updates to stored URLs.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
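
The group-key merge described in the issue, and a client-side guard for the empty `rls` case it mentions, as an added example that is not part of the original issue or Superset's code. The input row shape (`dataset`, `clause`, `group_key`), the function names and the sample values are assumptions made for illustration.

```python
from collections import OrderedDict

# Constructed sample rows; this shape is an assumption, not Superset's
# metadata schema.
SAMPLE_FILTERS = [
    {"dataset": 25, "clause": "province = 'AG'", "group_key": "province"},
    {"dataset": 25, "clause": "province = 'SI'", "group_key": "province"},
    {"dataset": 2, "clause": "gender = 'boy'", "group_key": None},
]


def merge_rls(filters):
    """Return guest-token style rls entries, OR-ing clauses that share a
    dataset and a group key, as the issue describes."""
    groups = OrderedDict()
    for n, f in enumerate(filters):
        # A filter without a group key is never merged: it gets its own bucket.
        bucket = f["group_key"] if f["group_key"] else ("_solo", n)
        # Parenthesise each clause so the OR cannot change its precedence.
        groups.setdefault((f["dataset"], bucket), []).append("(" + f["clause"] + ")")
    return [
        {"clause": " OR ".join(clauses), "dataset": dataset}
        for (dataset, _), clauses in groups.items()
    ]


def guest_token_body(username, dashboard_id, rls):
    """Build the body for /api/v1/security/guest_token/, failing closed."""
    if not rls:
        # The issue notes that the default [] shows all data in the dashboard.
        raise ValueError("refusing to request a guest token with an empty rls list")
    return {
        "user": {"username": username},
        "resources": [{"type": "dashboard", "id": dashboard_id}],
        "rls": rls,
    }
```
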
