john-bodley edited a comment on issue #10408:
URL: https://github.com/apache/incubator-superset/issues/10408#issuecomment-697673946

I partially misspoke earlier; currently there are no access controls explicitly at the dashboard level, it's merely a series of [rules](https://github.com/apache/incubator-superset/blob/e4ffaecc72afb706a31d66d626e3c15c94b3a995/superset/views/dashboard/filters.py#L33-L36). I do think the community needs to collectively decide whether security should be at i) the datasource level (either Superset datasource or the underlying database, schema, etc.), ii) the chart/dashboard level, or iii) a combination of both (i) and (ii). Currently it's (i) (for right or wrong) and aspects of dashboard level access could be achieved by row level access and/or dashboard specific Superset datasources. There is additional overhead with this approach, however it's simpler to grok, the access patterns are likely more secure (people could exploit dashboard level access controls), and it doesn't require additional logic or development of a request/approval/management flow.
