GitHub user gabriel-korbato added a comment to the discussion: Overriding can_access_datasource to block access to sensitive tables
@dosu I could try your suggestion to create and use a role that does not have `all_database_access` or `all_datasource_access`, but that would require explicitly giving permissions to each new and future datasources. In my use case users generally require to create datasources, charts and dashboards, and to share them amongs themselves. Also, new data will be added to the database daily. It wouldn't be practical to keep up with this having to explicitly grant permissions each time, so by default I am giving Alpha permissions to users, and then using the custom logic to prohibit access to only certain tables in the database (and any datasources that query it). Is there a way to generally grant access to all data sources, but to prohibit a role from accessing specific tables or charts based on those tables? To give more detail, my plan was to have two database connections to the database, one with a privileged user and another with an unprivileged user. Only privileges Superset accounts would have access to the connection with the privileged user. The problem is that if those privileged users make a datasource and chart from a sensitive table and share it, I need a way to block unprivileged users from seeing those datasources and charts. This is why I set to customize `can_access_datasource`. What other part of the code must be modified to make these exceptions work? GitHub link: https://github.com/apache/superset/discussions/35932#discussioncomment-14844033 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
