GitHub user dosubot[bot] added a comment to the discussion: Seeking Some Help On DataSource Security / RLS
<!-- Greeting --> Hello @Yash-alternativepath! 👋 I'm [Dosu](https://dosu.dev), your friendly bot here to help you solve bugs, answer questions, and navigate the world of contributions. I'm ready to assist you while we wait for a human maintainer. Let's tackle your issues together! 😊 <!-- Answer --> To ensure that Row-Level Security (RLS) is applied when querying datasets in SQL Lab and allow users to create new virtual datasets through joins while only seeing data restricted by RLS or the virtual dataset, you need to follow these steps: 1. **Define RLS Filters**: Create `RowLevelSecurityFilter` objects with the necessary clauses and associate them with the relevant tables and roles. This will ensure that RLS is applied based on user roles. 2. **Enable RLS in SQL Lab**: Make sure the feature flag `RLS_IN_SQLLAB` is enabled. This allows RLS to be applied in SQL Lab queries. Depending on the database's capabilities, RLS can be inserted by replacing the table with a subquery that includes the RLS or by appending the RLS to the `WHERE` clause. 3. **Apply RLS in SQL Lab**: When users query datasets in SQL Lab, the RLS filters will automatically apply based on their roles. The filters are combined using logical operators (AND/OR) as defined in the filter clauses. 4. **Create Virtual Datasets**: Users can create virtual datasets through joins in SQL Lab. The RLS filters will ensure that they only see data restricted by their roles or the virtual dataset's conditions. 5. **Test RLS Application**: Test the application of RLS filters by querying the datasets and checking if the expected restrictions are applied. For more detailed implementation, you can refer to the integration tests and SQL Lab implementation in the Superset repository <sup>[[1]](https://github.com/apache/superset/blob/master/tests/integration_tests/security/row_level_security_tests.py)</sup><sup>[[2]](https://github.com/apache/superset/blob/master/superset/sql_lab.py)</sup>. <!-- Dosu Comment Footer --> *To continue talking to [Dosu](https://dosu.dev), mention @dosu.* --- <sup>Help Dosu learn! Give it feedback: [Great Response](https://app.dosu.dev/response-feedback/190dd5d3-a8e7-4d3d-989f-249847065349?feedback_type=great_response) | [Irrelevant Answer](https://app.dosu.dev/response-feedback/190dd5d3-a8e7-4d3d-989f-249847065349?feedback_type=irrelevant_answer) | [Incorrect Sources](https://app.dosu.dev/response-feedback/190dd5d3-a8e7-4d3d-989f-249847065349?feedback_type=incorrect_sources) | [Too Verbose](https://app.dosu.dev/response-feedback/190dd5d3-a8e7-4d3d-989f-249847065349?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/190dd5d3-a8e7-4d3d-989f-249847065349?feedback_type=hallucination) | [Bug Report](https://app.dosu.dev/response-feedback/190dd5d3-a8e7-4d3d-989f-249847065349?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/190dd5d3-a8e7-4d3d-989f-249847065349?feedback_type=other)</sup> GitHub link: https://github.com/apache/superset/discussions/33308#discussioncomment-12999029 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
