betodealmeida commented on issue #32993: URL: https://github.com/apache/superset/issues/32993#issuecomment-2776586602
> I see there already exists a flag to disable catalog discovery - `allow_multi_catalog`. I propose that if this flag is set to false, then Superset should only sync permissions for the default catalog. I've had some security concerns about this in the past, since even if you have `allow_multi_catalog` disabled people can still query across catalogs in SQL Lab. But we do (1) parse the SQL and (2) check if the query is across catalogs, so if we don't create the permissions for non-default catalogs it should still prevent the user from running the query. Let me do some testing and making sure it's safe to skip the permission creation. If so, then it's easy to run the catalog permission creation only for the default catalog when multi-catalog is off. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
