Comments (10)
Delegating permissions to users who can read specific tables in the database is quite important. I've worked at 3 companies that use superset for data mining, and all have raised the same issue.
I believe this improvement will make Superset a much more powerful data mining tool.
from superset.
I think my point still applies then - if you are letting people query production databases, they should be trusted with that data (to the extent of what that particular db user allows them to access). If this doesn't fit, I think you are stuck using data sources as your control layer in some way, and SQLlab access is off-limits.
from superset.
This is something that should be managed at the db level (using different users), which I know you said was something you didn't want to do. Otherwise data source permissions is the only thing that remotely fits.
Overall I think if you are going to give people permission to use sqllab, they need to be trusted with whatever data that user can access in the database. There's really no difference between sqllab and any other SQL IDE/workbench.
from superset.
I think it's safe to say we need more detail in the proposal... we need to better understand the exact implementation here... how it's manifested in the UI, the default access, how it interacts with datasource permissions, etc. If this happens to be something you already have working on a fork, a Draft PR might help move the conversation forward as well.
from superset.
It might be worth filling out the other parts of the SIP template that are missing here. Otherwise, let me know if you need any help kicking off the [DISCUSS] thread on the Superset dev mailing list to move it forward.
from superset.
@rusackas as I read in 5602, I'm missing descriptions of New or Changed Public Interfaces, New dependencies, Migration Plan and Compatibility and Rejected Alternatives. However, I find these descriptions unnecessary. Could you tell me what information we should add to make it clearer?
from superset.
CC @dpgaspar @yousoph for comments/consideration.
from superset.
Hi there!
If you take a look at the List Roles page, you should be able to set up data permissions for schemas and datasources:
There's some additional information here and here as well - does that address what you're looking to achieve?
from superset.
@yousoph I'm aware of that feature, but it is not useful for determining which tables a user can access when querying in SQL Lab
from superset.
@andy-clapson This is not quite right. For querying on the IDE, we use personal accounts to query the database.
But on Superset, we query the database and create datasets to draw dashboards. Therefore, we cannot use personal-account for each dashboard when querying the database. We need to use a service account to represent Superset in querying the database.
And I also believe that the dashboards on Superset are a production environment. We are not allowed to use personal-account for the dashboards, and we cannot rely on the assumption that people never make mistakes. We need to avoid situations of human error.
from superset.
Related Issues (20)
- SQL Lab Error 'str' object has no attribute 'set' HOT 4
- No module named 'superset.translations.utils' HOT 3
- subquery calculated columns not supported as dimensions with sql_mode=only_full_group_by HOT 4
- SECRET KEY ERROR HOT 7
- When a user wants to delete a dataset , the confirmation message could be more shaped HOT 2
- A report not yet executed is marked like a success HOT 1
- On Country Map, Cross-Filtering is not operational as a source HOT 2
- ModuleNotFoundError: No module named 'pkg_resources' HOT 1
- Report fails to generate if dashboard doesn't contain a chart HOT 1
- Mixed chart doesn't support forced categorical x-axis HOT 1
- Error: `prophet` package not installed HOT 3
- Very very slow Apache Superset dashboard HOT 3
- Superset 4.0.2 : Table Chart - Column Based Total Calculation HOT 2
- Handlebars chart - pagination support HOT 2
- superset_node build failure @nx/nx-linux-x64-gnu missing module HOT 6
- Mixed chart x-axes overlap for time period of last quarter HOT 1
- Cannot get back asyncquery result HOT 1
- Dev-server page isn't rendered HOT 14
- Garbled characters on the agent page in the development environment HOT 4
- Labels of Advanced analytics stats in the chart legend can't be changed
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from superset.