villebro commented on a change in pull request #8699: [SIP-29] Add support for
row-level security
URL:
https://github.com/apache/incubator-superset/pull/8699#discussion_r382897950
##########
File path: superset/config.py
##########
@@ -723,6 +723,9 @@ class CeleryConfig: # pylint:
disable=too-few-public-methods
"force_https_permanent": False,
}
+# Do you want to enable Row Level Security?
+ENABLE_ROW_LEVEL_SECURITY = False
Review comment:
Can we add the comment that @dpgaspar added earlier?
> Note that: RowLevelSecurityFilter is only given by default to the Admin
role and the Admin Role does have the all_datasources security permission. But,
if users create a specific role with access to RowLevelSecurityFilter MVC and a
custom datasource access, the table dropdown will not be correctly filtered by
that custom datasource access. So we are assuming a default security config, a
custom security config could potentially give access to setting filters on
tables that users do not have access to.
It doesn't need to be the exact same comment, but something that makes it
possible for the admin enabling the feature to understand that there might be
security implications that have yet to be fully addressed.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
