GitHub user dosubot[bot] added a comment to the discussion: Querying on data set
<!-- Greeting --> Hi @17Shristi! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the superset team. <!-- Answer --> Superset applies RLS filters from guest tokens directly at the SQL query level, so filtering should happen in the database, not after data retrieval. If you're seeing filtering only after the query runs, it's likely due to how the RLS clause is defined or attached to the dataset. Double-check that your RLS clause references the correct dataset and columns—if the column doesn't exist in the dataset, the filter won't be applied as expected, and you might see errors or unexpected behavior ([example](https://github.com/apache/superset/issues/32869)). For user-specific filtering (like user id), there's ongoing work to support dynamic user attributes in guest tokens, which you can access in your dataset SQL using the Jinja macro `get_guest_user_attribute`. This allows you to pass user-specific values (like user id) in the guest token and use them directly in your SQL WHERE clause, ensuring the filter is pushed down to the database ([details and example](https://github.com/apache/superset/issues/33922)): ```python # When creating the guest token guest_token = security_manager.create_guest_access_token( user={ "username": "external_user", "attributes": { "user_id": "12345" } }, resources=[{"type": "dashboard", "id": "dashboard-uuid"}], rls=[] ) ``` Then, in your dataset's SQL: ```sql SELECT * FROM your_table WHERE user_id = '{{ get_guest_user_attribute("user_id") }}' ``` If you're still seeing issues, check that the `EMBEDDED_SUPERSET` feature flag is enabled, your RLS clauses are correctly formatted, and the dataset columns match your RLS rules. If you use SQL Lab, make sure to save queries as datasets before creating charts, as RLS is only enforced on datasets ([reference](https://github.com/apache/superset/issues/33346)). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/b51e0e5c-f277-4f61-8a86-328348b3632d?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/b51e0e5c-f277-4f61-8a86-328348b3632d?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/b51e0e5c-f277-4f61-8a86-328348b3632d?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/b51e0e5c-f277-4f61-8a86-328348b3632d?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/b51e0e5c-f277-4f61-8a86-328348b3632d?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/b51e0e5c-f277-4f61-8a86-328348b3632d?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/b51e0e5c-f277-4f61-8a86-328348b3632d?feedback_type=other)</sup> [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/34132) GitHub link: https://github.com/apache/superset/discussions/34132#discussioncomment-13730366 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
