altef commented on issue #8699: [SIP-29] Add support for row-level security URL: https://github.com/apache/incubator-superset/pull/8699#issuecomment-598269364 Hi @AaronCH5, I'm not completely certain what you're asking, but one difference is that in this pull request (which has been merged) instead of specifying a column and a value you specify a clause that will be added to the query. So in your example above where you specify the column name `avg_circulate_duration` and the value `toB`, you would instead just write something like `avg_circulate_duration='toB'`. Since you can write whatever you want in there, this allows you to go pretty deep down the filter hole. You can use multiple columns, or reference other tables as necessary. For example, it would allow you to move complex permissions into its own table should you so desire: > `avg_circulate_duration IN (SELECT allowed_avg_circulate_duration FROM custompermissions WHERE user_id='{{current_user_id()}}')` The actual processing code where the filter clause gets added to the query is in https://github.com/apache/incubator-superset/blob/master/superset/connectors/sqla/models.py#L867 The cache key code in viz.py you referenced (https://github.com/apache/incubator-superset/blob/master/superset/viz.py#L394) adds the row level security IDs to the cache key, in order to differentiate cached query results for queries that would otherwise be the same but for different RLS rules.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
