villebro commented on a change in pull request #8699: [SIP-29] Add support for row-level security URL: https://github.com/apache/incubator-superset/pull/8699#discussion_r355205921
########## File path: docs/security.rst ########## @@ -153,3 +153,28 @@ a set of data sources that power dashboards only made available to executives. When looking at its dashboard list, this user will only see the list of dashboards it has access to, based on the roles and permissions that were attributed. + + +Restricting access to a subset of a particular table +"""""""""""""""""""""""""""""""""""""""""""""""""""" + +Using ``Row level security filters`` (under the ``Security`` menu) you can create +filters that are assigned to a particular table, as well as a set of roles. +Say people in your finance department should only have access to rows where +``department = "finance"``. You could create a ``Row level security filter`` +with that clause, and assign it to your ``Finance`` role, as well as the +applicable table. + +The ``clause`` field can contain arbitrary text which is then added to the generated +SQL statement's ``WHERE`` clause. So you could even do something like create a +filter for the last 30 days and apply it to a specific role, with a clause like +``date_field > DATE_SUB(NOW(), INTERVAL 30 DAY)``. It can also support multiple +conditions: ``client_id = 6 AND advertiser="foo"``, etc. + +You can throw whatever you want in there to define the subset of the table you want the roles in question to have access to. Review comment: Personally I prefer to keep the docs as "official" as possible. I think expressing the above along the lines of "It is possible to limit..." would sound more appropriate. Also, the above row is slightly longer than the other rows; in the spirit of keeping row lengths as uniform as possible, I suggest adding a line break somewhere before the 90th character. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
