mistercrunch commented on issue #8699: [SIP-29] Add support for row-level security URL: https://github.com/apache/incubator-superset/pull/8699#issuecomment-561868273 Yesterday I went straight to the code and missed much of the conversation and comments here. I think quickly things become better handled based on data over metadata. By that I mean if there are complex rules over which sales rep can see which regions, or even just if there's a high-ish cardinality of rules (say over 10), things are best represented as a subquery based on local data. That's easily expressed as something like `region IN (SELECT region FROM rules_table WHERE user_id = {{current_user.id}})`. Then a single rule will do and it becomes about managing the `rules_table`. I'm not against a more structured format as in (field, operator, value), as long as value is templatable and operator has a subquery option. It does seem logic to go logical `AND` across fields and logical `OR` (or `IN`) on same field.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
