Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Database restriction in SQL Lab.

See original GitHub issue

Make sure these boxes are checked before submitting your issue - thank you!

[ ✅] I have checked the superset logs for python stacktraces and included it here as text if any
[ ✅] I have reproduced the issue with at least the latest released version of superset
[ ✅ ] I have checked the issue tracker for the same issue and I haven’t found one similar

Superset version

0.24.0

I added a presto datasource named as PrestoVizs in this manner: presto://presto_server_url:8080/catalog_name/db_name , where db_name is mlp_visualizations in this case . to the list of databases. However, In SQL Lab , all databases in the catalog are exposed. screen shot 2018-06-15 at 12 01 13 pm

Is there any way to restrict the schemas, or in this case the ‘databases’ from my presto catalog exposed in SQL Lab editor just to the dbname ? I tried this with an alpha + sql_lab user, apart from admin as well. Is there anyway there is a security role to do this? Or does one have to change the source code to restrict to just a single schema? If so can you point me in the direction for the same?

Issue Analytics

State:
Created 5 years ago
Comments:17 (4 by maintainers)

Top GitHub Comments

1reaction

usmankhan-dataengineeringcommented, Mar 31, 2022

In databases/filter.py:

class DatabaseFilter(BaseFilter):
    # TODO(bogdan): consider caching.
    def schema_access_databases(self) -> Set[str]:  # noqa pylint: disable=no-self-use
        return {
            security_manager.unpack_schema_perm(vm)[0]
            for vm in security_manager.user_view_menu_names("schema_access")
        }

    def apply(self, query: Query, value: Any) -> Query:
        if security_manager.can_access_all_databases():
            return query
        # For returning only Database connection created by user
        return query.filter(Database.created_by_fk == g.user.id)

It will restrict Database access to the user who created database connection

1reaction

tomaszjcommented, Apr 4, 2019

Hi folks, is it possible to progress the PR above to close the issue? It’d be really helpful for me. If there’s a way to contribute, let me know!