GitHub user dosubot[bot] added a comment to the discussion: Metric level security
<!-- Greeting --> Hi @marcemon! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the superset team. <!-- Answer --> Superset does **not** currently support native metric-level security. The permission model is dataset-centric — you can control access to entire datasets/datasources, and Row Level Security (RLS) filters rows, but there's no built-in way to hide specific metrics from certain roles on a shared dashboard. Interestingly, there was an `is_restricted` field on metrics in earlier versions, but it was deprecated and removed in 2019 [[1]](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/migrations/versions/2019-09-08_21-50_11c737c17cc6_deprecate_restricted_metrics.py#L33-L37). **Workarounds people use:** 1. **Separate datasets per audience** — Create one dataset with C-suite metrics and another with operational metrics, then build charts from the appropriate dataset and control access at the dataset level. 2. **Separate dashboards** — Rather than one shared dashboard with metric-level filtering, maintain two dashboards (one executive, one operational) and use Dashboard RBAC to restrict access. 3. **Database-native RLS** — Push security enforcement to the database layer (e.g., PostgreSQL RLS policies) using Superset's `DB_CONNECTION_MUTATOR` to pass session context [[2]](https://github.com/apache/superset/discussions/40400). 4. **Jinja-based filtering** — Embed conditional logic in virtual dataset SQL using Jinja macros to control what's exposed based on the current user. Of these, separate datasets + Dashboard RBAC is probably the most straightforward approach for your use case. You'd have an executive dashboard and an operational dashboard, each pointing to datasets with the appropriate metrics exposed. There's no immediate roadmap item for native metric-level security, though the Semantic Layer initiative (SIP-182) could eventually enable this through external semantic layers [[3]](https://github.com/apache/superset/issues/35003). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=reply-with-mention&utm_term=apache%2Fsuperset).* --- Share context across your team and agents. Try [Dosu](https://dosu.dev?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-tagline&utm_term=apache%2Fsuperset). [](https://app.dosu.dev/response-feedback?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-feedback&utm_term=apache%2Fsuperset&message_id=af0f5ccf-c7b8-4fe9-87fa-502b54a7a5ca) [](https://github.dosu.com/apache/superset?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-learn-repo&utm_term=apache%2Fsuperset) [](https://app.dosu.dev/signup?referrer=openSource&source=github-footer&utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=knowledge-infrastructure-add-team&utm_term=apache%2Fsuperset) GitHub link: https://github.com/apache/superset/discussions/40509#discussioncomment-17099827 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
