amitmiran137 commented on a change in pull request #13773:
URL: https://github.com/apache/superset/pull/13773#discussion_r605350358
##########
File path: superset/security/manager.py
##########
@@ -987,15 +989,28 @@ def raise_for_access( # pylint:
disable=too-many-arguments,too-many-branches
)
if datasource or query_context or viz:
+ extra_jwt = None
if query_context:
datasource = query_context.datasource
+ extra_jwt = query_context.extra_jwt
elif viz:
datasource = viz.datasource
+ extra_jwt = viz.extra_jwt
assert datasource
+ ds_allowed_in_dashboard = False
+ if feature_flag_manager.is_feature_enabled("DASHBOARD_RBAC"):
+ dashboard_data_context =
dashboard_jwt_manager.parse_jwt(extra_jwt)
+
+ if dashboard_data_context:
+ ds_allowed_in_dashboard = (
+ datasource.id in dashboard_data_context.dataset_ids
+ )
+
if not (
- self.can_access_schema(datasource)
+ ds_allowed_in_dashboard
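Review bot: At `dashboard_jwt_manager.parse_jwt(extra_jwt)`, `extra_jwt` is still `None` whenever the caller passes only `datasource` or the query context or viz carries no token, so this path relies on `parse_jwt` returning a falsy value for missing, malformed or expired input rather than raising; guard the call with `if extra_jwt:` or document that contract on `parse_jwt`. The new `ds_allowed_in_dashboard` operand also grants access from `datasource.id in dashboard_data_context.dataset_ids` alone, and nothing in these lines ties the token to the requesting user or to the dashboard being viewed, so a comment stating which claims `parse_jwt` verifies (signature, expiry, subject) would let reviewers judge whether the token can be reused outside the dashboard.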
Review comment:
@ktmud @suddjian upon each chart data query request (legacy or v1 API)
this part is being called of validating from extracting the signed jwt if that
dataset is being called from a queryContext /Viz
Only dashboard owner/admin can give dashboard access (see the video)
Let's assume that dashboard access is being granted to a read only persona
And to that persona explore chart permission is not granted as well
So that type of a user can only see data under the dashboard
He cannot edit the dataset or play around with it in the explore
In theory he could use that jwt to query the dataset freely in SQLlab (if he
has permission to sqllab to begin with)
From a dashboard point of view it is up to the dashboard creator to wrap data
with the relevant datasets(either physical or virtual) that will restrict the
readonly personas to what is relevant for them
If there is a huge physical dataset that might expose sensitive data then
you can always have a thinner portion of it by creating a virtual one
How would you suggest making that flow secure?
-------------
@suddjian I would be happy to do a follow up PR just to support SPA, no
worries there