axelet opened a new issue #9532: Row Level Security filter wildcard for all tables and multiple table filters URL: https://github.com/apache/incubator-superset/issues/9532 ### **Case** As we work closely with Superset and the new **Row Level Security** feature we soon came to the situation in which we have pretty much the same filters for multiple tables. And the amount of the filters is growing constantly. So, it becomes difficult to manage all these filters in the current RowLevelSecurityView. Also, there is a security case when the user have a filter constraint on a certain table and an additional sqllab_view table is being created. So the user will be able to see unauthorised data. And the 1st solution below will solve this one too. ### **Suggestion** As now we have only per table filters we propose to implement some kind of all table filters and multiple table filters. ### **Possible solutions** 1. We can make the **table_id** column of the row_level_security_filters table **nullable**. And **null** will stand for asterisk (apply the filter to all tables). The solution currently fits all own requirements. 2. As a development of the 1st idea we can introduce a new table called, for example, **rls_filter_tables**. It will represent the relation between **rls_filter_id** and **table_id** pretty much the same as we have for role-filter relations in the **rls_filter_roles**. ``` id | table_id | rls_filter_id 1 | 5 | 1 2 | 6 | 1 ``` ### **Outcomes** This way we can re-use existing filters for other tables and preserve space and readability on the RowLevelSecurityView page.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
