GitHub user mohamedsigservice created a discussion: RLS condition inconsistently applied inside dataset metric subqueries
Hello, I am having an issue with Row Level Security (RLS) behavior in Apache Superset. I created an RLS rule like this: ```sql warehouse_id = XX OR warehouse_id IS NULL ``` The problem is that this clause is applied inconsistently depending on the query structure. In some cases, the RLS condition is also injected inside subqueries used by dataset metrics, while in other cases it is only applied to the outer query. This creates incorrect KPI calculations because some metrics are filtered internally while others are not. What I want: * Control where the RLS clause is applied * Prevent it from being injected inside specific subqueries/metrics * Or force it to always apply at a specific level of the query Questions: 1. How does Superset decide where to inject RLS clauses? 2. Why are dataset metric subqueries sometimes affected and sometimes not? 3. Is there a way to control RLS scope/query injection behavior? 4. What is the recommended architecture for datasets/metrics when using RLS with complex SQL and subqueries? Environment: * Apache Superset (Docker) * PostgreSQL * Datasets using custom SQL, metrics, and subqueries Thanks. GitHub link: https://github.com/apache/superset/discussions/40400 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
