[I] How to Restrict Dataset Access to Specific Roles in Superset? [superset]

[via GitHub]

ishirvani opened a new issue, #31637:
URL: https://github.com/apache/superset/issues/31637

   ### Bug description
   
   
   Hello Superset Community,
   
   I am trying to configure access control for a specific dataset in Apache 
Superset. My goal is to restrict access to this dataset so that only a specific 
role (e.g., power_user) can view and use it, while other roles (e.g., Admin, 
Gamma) should not have any access.
   
   Here are the steps I tried so far:
   
   Removed all_datasource_access from all roles except power_user.
   Configured Row Level Security (RLS):
   Created an RLS rule for the dataset with a clause like:
   sql
   Copy code
   {{ current_role() }} = 'power_user'
   Tested restricting database-level access and adjusting permissions via roles 
(can read, can write).
   Unfortunately, none of these approaches successfully restricted dataset 
access to only the power_user role. Other roles can still access the dataset, 
which breaks the intended security.
   
   Questions:
   Is there a built-in or recommended way to restrict access to a dataset for 
specific roles only?
   Does RLS support filtering access based on roles directly?
   If this is not possible via the UI or configurations, is there a way to 
achieve this through custom development or database modifications?
   Any guidance or solutions would be greatly appreciated.
   
   Thank you in advance for your help!
   
   
   
   ### Screenshots/recordings
   
   _No response_
   
   ### Superset version
   
   4.1.1
   
   ### Python version
   
   3.9
   
   ### Node version
   
   16
   
   ### Browser
   
   Chrome
   
   ### Additional context
   
   _No response_
   
   ### Checklist
   
   - [X] I have searched Superset docs and Slack and didn't find a solution to 
my problem.
   - [X] I have searched the GitHub issue tracker and didn't find a similar bug 
report.
   - [X] I have checked Superset's logs for errors and if I found a relevant 
Python stacktrace, I included it here as text in the "additional context" 
section.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org
For additional commands, e-mail: notifications-h...@superset.apache.org