mistercrunch commented on issue #28021: URL: https://github.com/apache/superset/issues/28021#issuecomment-2057882229
As discussed this morning: - overall we'd like to consider a federated model for all RBAC/ABAC, including data access (database, catalog, schema, tables, RLS) and objects (Dashboard, Alert & Reports, ...) - this includes per-object, or per "object pattern" rules as opposed to entity-based rules like we have now (can_update Alerts) - centralize all rule-checking to a central authority through a consistent model - bring out of FAB and into Superset Some TODO: - review existing frameworks like [Casbin](https://casbin.org/) and [opa](https://github.com/open-policy-agent/opa) to see whether they'd be viable/desirable - define entities, hierarchy and related actions required in V1 - has to be forward compatible, covering per object on(Database, Schema, Dataset, RLS, Dashboard) + CRUD on all other models (FAB allows this currently). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
