amitmiran137 edited a comment on issue #10408: URL: https://github.com/apache/incubator-superset/issues/10408#issuecomment-744637262
> Personally, I feel that all data access should be based on the role-based access control of the underlying Data Warehouse. > In many companies, Superset will not be the sole tool to access the data. So, if data access were to be controlled on a BI tool level, there would be a severe overhead of implementation the same data governance rules for each of the tools and access methods. > I'd greatly prefer to focus on getting der User Impersonation (a.k.a. User Principal Push Down) feature robustly working for the supported databases. > This way we would not require Dashboard Level Access Control at all: the users can access the charts depending on whether they are allowed to access the underlying tables/views. > All other solutions may rip holes into the company's data governance model in my eyes. > However, I am aware, that features like Caching of the chart's query results get much more complex, especially when the Data Warehouse supports column- or row-based access control. I totally agree with the use case described above btw. but there are use-cases like internal organization data access that doesn't require any governance but just access on the end delivery to the client which are the dashboards themselves this is why we it should be up to the organization to decide with what mechanism they want to use: either `dataset_level` or `dashboard_level` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
