justin-barton opened a new issue #8644: [SIP-29] Add support for row-level security URL: https://github.com/apache/incubator-superset/issues/8644 ## [SIP-29] Proposal to add support for row-level security ### Motivation Many BI applications, particularly in multi-tenancy scenarios, require support for row-level security. That is, the ability to show different slices of a table to users based on some user attribute. This feature has been requested in Superset several times, including: https://github.com/apache/incubator-superset/issues/660 https://github.com/apache/incubator-superset/issues/5128 https://github.com/apache/incubator-superset/issues/7887 https://github.com/apache/incubator-superset/issues/8023 ### Proposed Change Primarily, this feature would require two sub-features: 1. The ability to add user attributes 2. The ability to filter queries based on these attributes The proposed solution would be to add an 'attributes' property to roles that would essentially be a user-defined key-value store: <img width="1239" alt="Screenshot 2019-11-24 02 35 54" src="https://user-images.githubusercontent.com/48782327/69489249-cb66f300-0e6c-11ea-9be2-905a25d2548f.png";> and to make those role attributes available as values for Query Filters: <img width="1237" alt="Screenshot 2019-11-24 02 38 26" src="https://user-images.githubusercontent.com/48782327/69489261-f2252980-0e6c-11ea-90d8-658b24fd82d3.png";> ### New or Changed Public Interfaces - New 'attributes' property added to roles - Changes to Query Filters to allow access to attribute values (e.g by macros like WHERE column={{role.attributes.key}} - Minor UI changes associated with the above ### New dependencies N/A ### Migration Plan and Compatibility TBD ### Rejected Alternatives Pre-processing data into multiple tables or views: - This solution does not scale well, and requires all attribute values to be known a priori - Requires duplicate dashboards and charts Reverse proxy - Issues with identifying the user initiating the query
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
![https://user-images.githubusercontent.com/48782327/69489249-cb66f300-0e6c-11ea-9be2-905a25d2548f.png"](https://user-images.githubusercontent.com/48782327/69489249-cb66f300-0e6c-11ea-9be2-905a25d2548f.png"){kind=link}
![https://user-images.githubusercontent.com/48782327/69489261-f2252980-0e6c-11ea-90d8-658b24fd82d3.png"](https://user-images.githubusercontent.com/48782327/69489261-f2252980-0e6c-11ea-90d8-658b24fd82d3.png"){kind=link}