How does the row level security work without any rule #30033
Replies: 2 comments
-
Row Level Security (RLS) in Apache Superset works by applying custom where clauses attached to tables and roles. These clauses are defined in the In your case, even though you haven't added any new rule on row level security in the Superset UI, the RLS clause you provided in the guest token request is being applied. This is because the Here is how it works:
Therefore, the RLS clause you provided ( For more details, you can refer to the relevant code and documentation: |
Beta Was this translation helpful? Give feedback.
-
RLS gets applied from the rule in the token, it doesn't seem that an RLS rule in the UI is needed for guest_tokens as there is no real user. |
Beta Was this translation helpful? Give feedback.
-
I have implemented superset-emebedded with @superset-ui/embedded-sdk package, now while fetching guest token am passing my RLS as well, it fetches my record only respective to the particular tenant in my embed superset, but my query here is since i haven't specified any rule on row level security, how does it even worked?
This is my RLS query:
"rls": [{ "clause": "tenantidentifier='dummy'" }]
The below is my full body query for guest token
{ "user": {"username": "test", "first_name": "Test", "last_name": "Test viewer"}, "resources":[{"type": "dashboard", "id": "*********4"}],"rls": [{ "clause": "tenantidentifier='dummy'" }] }
In above image you can see there are no rules defined
the above screenshot is embed one in our portal where you can see only one selection available on Brand selection whereas in superset portal i can see many filters available on Brand selection, attaching the below screenshot below
My question here is how did it pick the exact filter for my query, when i havent even add any new rule on row level security, can some one eloborate me more on this RLS thing
Beta Was this translation helpful? Give feedback.
All reactions