axelet opened a new issue #9532: Row Level Security filter wildcard for all 
tables and multiple table filters
URL: https://github.com/apache/incubator-superset/issues/9532
 
 
   ### **Case**
   As we work closely with Superset and the new **Row Level Security** feature 
we soon came to the situation in which we have pretty much the same filters for 
multiple tables. And the amount of the filters is growing constantly. So, it 
becomes difficult to manage all these filters in the current 
RowLevelSecurityView. 
   
   Also, there is a security case when the user have a filter constraint on a 
certain table and an additional sqllab_view table is being created. So the user 
will be able to see unauthorised data. And the 1st solution below will solve 
this one too.
   
   ### **Suggestion**
   As now we have only per table filters we propose to implement some kind of 
all table filters and multiple table filters. 
   
   ### **Possible solutions**
   1. We can make the **table_id** column of the row_level_security_filters 
table **nullable**. And **null** will stand for asterisk (apply the filter to 
all tables). The solution currently fits all own requirements.
   2. As a development of the 1st idea we can introduce a new table called, for 
example, **rls_filter_tables**. It will represent the relation between 
**rls_filter_id** and **table_id** pretty much the same as we have for 
role-filter relations in the **rls_filter_roles**.  
   ```
   id | table_id | rls_filter_id
    1 |        5 |             1
    2 |        6 |             1
   ```
   
   ### **Outcomes**
   This way we can re-use existing filters for other tables and preserve space 
and readability on the RowLevelSecurityView page.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to