GitHub user dosubot[bot] added a comment to the discussion: Multi-Tenant User management
Hi @sainikhilsamineni! I'm [Dosu](https://go.dosu.dev/dosubot) and I'm helping the superset team.

Superset doesn't have a built-in setting for tenant-based user management or restricting role assignments to specific user managers, but you can achieve this with some backend customization.

You can use the CUSTOM_SECURITY_MANAGER config option to define your own security manager class, extending SupersetSecurityManager. In this class, you can override user listing and role assignment logic to enforce that a user manager (like tenantA-usermanager) only sees users with a specific role (like tenantA-user) and can only assign that role when creating new users. See the SupersetSecurityManager implementation for reference on where to hook your logic in: [superset/security/manager.py](https://github.com/apache/superset/blob/98b35125c2a562bb2a61a26e6acd3430339320aa/superset/security/manager.py).

For filtering which users and roles appear in the UI, you can use the EXTRA_RELATED_QUERY_FILTERS config in your superset_config.py. For example, you can provide a custom filter function for the "user" and "role" keys to only show users or roles matching your tenant's criteria. Example and details are in [superset/config.py](https://github.com/apache/superset/blob/98b35125c2a562bb2a61a26e6acd3430339320aa/superset/config.py).

Keep in mind: these filters affect what appears in the UI, but for robust security, you should enforce restrictions in your custom security manager as well, since the frontend only reflects backend output.

There isn't official documentation or out-of-the-box support for this use case, so some Python development is required to implement and maintain these customizations.

GitHub link: https://github.com/apache/superset/discussions/33877#discussioncomment-13558097
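The server-side rule described in the comment above, written out as an added example; it is not part of the original comment and is not Superset code. The `<tenant>-usermanager` / `<tenant>-user` naming pattern is an assumption generalized from the comment's role names, every function name is hypothetical, and the wiring into a SupersetSecurityManager subclass is not shown.

```python
import re

# Assumed convention, generalized from the role names in the comment above:
# "<tenant>-usermanager" may manage only accounts holding "<tenant>-user".
MANAGER_RE = re.compile(r"^(?P<tenant>.+)-usermanager$")

# Constructed sample directory: username -> roles held.
SAMPLE_USERS = {"alice": ["tenantA-user"], "bob": ["tenantB-user"],
                "carol": ["tenantA-user", "Admin"], "dave": []}


def managed_tenants(manager_roles):
    """Tenants this account manages, derived from its own role names."""
    matches = (MANAGER_RE.match(role) for role in manager_roles)
    return {m.group("tenant") for m in matches if m}


def assignable_roles(manager_roles):
    """The only roles this manager may grant: '<tenant>-user' per tenant."""
    return {f"{tenant}-user" for tenant in managed_tenants(manager_roles)}


def check_role_assignment(manager_roles, requested_roles):
    """Default-deny check to run server-side before a user is saved.

    Raises PermissionError if any requested role lies outside the manager's
    tenant, or if no role is requested (such an account has no tenant).
    """
    allowed = assignable_roles(manager_roles)
    requested = set(requested_roles)
    if not requested:
        raise PermissionError("at least one tenant role is required")
    denied = requested - allowed
    if denied:
        raise PermissionError(f"roles not assignable: {sorted(denied)}")
    return requested


def visible_users(manager_roles, users):
    """Reduce a {username: roles} mapping to accounts the manager may see.

    An account is listed only if every role it holds is assignable by this
    manager, so a user who also holds e.g. Admin stays hidden.
    """
    allowed = assignable_roles(manager_roles)
    return {name: roles for name, roles in users.items()
            if roles and set(roles) <= allowed}
```

Because the allow-list is derived from the manager's own roles, a manager cannot grant `tenantA-usermanager`, `Admin`, or another tenant's role even if the request bypasses the filtered UI.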
