I am using druid to store data for creating dashboard over superset. Now, I want to use the same cluster to store data for other project which is not completely different. But we want to segregate datasources of both the projects.
Is there a way to create database/keyspace sort of thing to segregate datasources of two different project in druid?
Multiple way to work with this use case.
Easiest one create multiple datasources into superset. Based on the same connection to druid.
Then create roles to provide access to this datasources. Then end user will have 1 or multiple roles. Each role providing data from druid but from different perspective. Every user will be able to create his own dash based on this dataset if allowed by role.
Other way is to user row security level. Each row has a specific tag. Each user is configured to have access to 1 or many tags. This approch allow you to have the same dash for all users
More ressources here => https://superset.apache.org/docs/security
Related
I am fairly new to PBI, and I want to create a powerBI dashboard and share it externally, meaning to different people (users) without a powerBI license. However, the data for each user is restricted based on their rights.
How can I best set this up? I'm thinking to either use a login system, or using different URLs per user. Right now some possible solutions I found are 1) Embedded PowerBi content using Azure, 2) using Row-level security (RLS) or 3) create different URLs based on a column value, and (somehow) have it restricted per user.
My apologies for this entry-level question, any tips are very welcome.
I have database with many tables. Users have full access to this database and tables to create various charts and dashboards. They use SQL Lab extensively to write custom queries.
However I added a sensitive data in a separate table that needs to be accessed only by few set of users. How can I achieve?
I tried ROW-LEVEL-SECURITY feature.
However, this affects only to Virtual Tables created by Superset. I want to restrict during direct SQL Lab access also.
Possible Solution:
Create ACL at database level and create a seperate connection in Superset.
Cons - This requires a duplicate connection to same database twice.
Ideal solution:
To restrict SQL Lab access to specific tables at superset level. e.g Superset should check User roles and ACLs and decide upon a table can be queried or not.
Is this possible?
Maybe consider implement proper access control to your data with Ranger and from superset impersonate login user.
I've searched the documentation a lot, but couldn't find anything that allows me to do the following:
Allow creating a role which allows full table access to tables with certain table names only (ex.: "table1", etc.) that'll be created in future. This should work across all available datasets in a GCP project, and also the ones that'll be created in future.
Is this possible? If not directly, indirectly maybe?
Thanks..
The simplest way to do that would be to create a dataset for housing such tables, and set the access appropriate to what you need. Tables requiring a different set of policies should be housed in other datasets.
More information here: https://cloud.google.com/bigquery/docs/dataset-access-controls
I have been providing access to datasets in BigQuery using the Share Dataset option for some time now. No problem.
But now, I have a specific requirement: I need to provide access to specific people/account/group but I don't want inherited access to work on this dataset.
I mean, I really need to provide access only to specific people to this dataset, so that not even inherited access work.
Is that possible? And if so, how can I do that?
To add more context. There is a dataset which should be available only for one Service Account (the one populating it) and some specific consumer account (HR) as it will contain sensitive data.
Problem is that our project already contains a couple of BigQuery Admin accounts and they of course inherit permissions over the dataset.
I don't think it would be possible as Project level roles are inherited automatically. Making new project may be helpful.
I have searched a lot about this question, there are no concrete answers to this.
I have a AWS Redshift DB, has around 6-7 schema' with 10-12 tables in each.
and dashboards are made within schema level as well as across schema.
here's the use case:
I have some users who needs to see only dashboards related to "schema 1" but not "schema 2"
I have some other users who are looking at dashboards which are connected to "schema 1" and as well as "schema 2", but m not able to find any workaround to this.
I have seen a thread saying that it's possible to give access to schema but they haven't mentioned that How.
https://github.com/apache/incubator-superset/issues/5483#issuecomment-494227986
As per the Superset documentation, you can not create access level on the schema but you can create access on data source level. Or you can create custom data sources and can create desired roles as per your need.
Refer: https://superset.incubator.apache.org/security.html#managing-gamma-per-data-source-access