Row Level Security filter wildcard for all tables and multiple table filters

Case

As we work closely with Superset and the new Row Level Security feature we soon came to the situation in which we have pretty much the same filters for multiple tables. And the amount of the filters is growing constantly. So, it becomes difficult to manage all these filters in the current RowLevelSecurityView.

Also, there is a security case when the user have a filter constraint on a certain table and an additional sqllab_view table is being created. So the user will be able to see unauthorised data. And the 1st solution below will solve this one too.

Suggestion

As now we have only per table filters we propose to implement some kind of all table filters and multiple table filters.

Possible solutions

1. We can make the table_id column of the row_level_security_filters table nullable. And null will stand for asterisk (apply the filter to all tables). The solution currently fits all our requirements.
2. As a development of the 1st idea we can introduce a new table called, for example, rls_filter_tables. It will represent the relation between rls_filter_id and table_id pretty much the same as we have for role-filter relations in the rls_filter_roles.

id | table_id | rls_filter_id
 1 |        5 |             1
 2 |        6 |             1

Outcomes

This way we can re-use existing filters for other tables and preserve space and readability on the RowLevelSecurityView page.