How to set permissions for a Superset dashboard

Question

I have created different dashboards in Superset for different roles. At the moment, the only way I can limited who can see certain dashboards/charts is to use different tables/datasource.

For examples:

In MySQL, I have a table called TableX. I then created multiple views for this table.

Group A, I created a view to TableX and pull it into Superset as TableA. Under this group, I set the role to have datasource access to TableA.

Group B, I created another view to TableX and pull it into Superset as TableB. Under this group, I set the role to have datasource access to TableB.

Group C, I created another view to TableX and pull it into Superset as TableC. Under this group, I set the role to have datasource access to TableC.

This works well as I can control which dashboard they can see and the other dashboards are hidden. However, I must create multiple copies of the same charts for each role and the only change is the datasource.

How can I set the permissions correctly for the dashboards without creating multiple datasource. I am running Apache Superset 0.29.0rc7.

Answer 1

Using Row Level Security filters (under the Security menu) you can create filters that are assigned to a particular table, as well as a set of roles. If you want members of the Group A to only have access to rows where department = "finance" in your TableX, you could:

Create a Row Level Security filter with that clause (department = "finance"). Then assign the clause to the GroupA role and the table it applies to. The clause field, which can contain arbitrary text, is then added to the generated SQL statement’s WHERE clause.

All relevant Row level security filters will be combined together (under the hood, the different SQL clauses are combined using AND statements). This means it's possible to create a situation where two roles conflict in such a way as to limit a table subset to empty.

Please, also check the link below Row Level Security.