SuperSet add calculated field to existing dataset - apache-superset

Superset users want to add calculated fields to their datasets, but they run into an error:
Changing this dataset is forbidden
Users have the following roles:
Gamma
tables_modify: [can tables on Superset, can save on Datasource, can get on Datasource, can datasources on Superset, menu access on Tables, can fetch datasource metadata on Superset, can read on Dataset, can write on Dataset]
DB: [database access on [their TimeScale DB], datasource access on [the dataset they want to edit]]
sql_lab
I can't find the role missing for them to be able to edit their datasets. They have read and write permission on it, and are the ones creating the datasets in the first place.
I looked into the database properties but could not find any setting there either. Moreover, with the admin role I am able to edit datasets, so I guess what's missing here is a user role; I just can't find which one.

As the official documentation says, Gamma users are not able to alter data sources. Alpha users can add and alter data sources.
Additional information can be read further in that document:
If the user does not have the all_datasource_access permission granted, the user will only be able to see Slices or explore the data sources that are granted to them.

Related

Can BigQuery views be listed as entities under BQ Dataset assets in GCP Dataplex?

In the current usecase, I am using authorized views to handle row level security in the BigQuery dataset and Dataplex to handle the governance and permissions.
When a BQ Dataset is added as an asset, only the tables under it are getting listed as entities and the views are not listed. Is it possible to list the views as well in the entities so that it will be easier for discoverability and handle permissions at a more granular level?
I have tried my best in checking the documentation and playing around in the tool but could not display the BQ views as entities.
Have you tried using the search and, under search, navigating to Data types? Here you could select the dataset you want and the view you want to see.

Any way to control users gaining access to an authorized dataset?

We have a bunch of BigQuery datasets and for some reason we need to give out an authorized dataset access to a dataset that's not owned by us or included in our project but the main concern here is that I need to have control over who he gives access to view our datasets from that authorized dataset. Any method or a best practice for this type of problem?
Basically, we did it this way. Gave that other project's dataset the "Authorized dataset" access because they need to build their own views and then open these views to other customers they have. It's now able to view our tables and run queries against our datasets but the problem is that we have no control over who they give access to their dataset that they're using against ours and we need to figure out a way to control this.

BigQuery: querying a view without permissions to query underlying tables

I have a table which requires a drive access scope to be queried. I was wondering if there is a way to create a view which wouldn't require this permission to be queried.
It's not possible as per documentation about data drive access
You will need access to data drive.
But as a workaround you can move that data into a dataset on bigquery that will work like an authorized view. As per definition:
Giving a view access to a dataset is also known as creating an authorized view in BigQuery. An authorized view lets you share query results with particular users and groups without giving them access to the underlying tables. You can also use the view's SQL query to restrict the columns (fields) the users are able to query.
Still, your users will need to have access to the dataset that stores the view.
For your data analysts to query the view, they need to be granted the bigquery.dataViewer role on the dataset containing the view.
In that way it would be possible to query data which has access restrictions. Even in the Google documentation there is a guide you can use to produce such a query, named Create an authorized view.

Restrict access to a table in SQL Lab in Superset

I have database with many tables. Users have full access to this database and tables to create various charts and dashboards. They use SQL Lab extensively to write custom queries.
However, I added sensitive data in a separate table that needs to be accessed only by a few users. How can I achieve this?
I tried the ROW-LEVEL-SECURITY feature.
However, this affects only Virtual Tables created by Superset. I want to restrict direct SQL Lab access also.
Possible Solution:
Create an ACL at the database level and create a separate connection in Superset.
Cons - This requires a duplicate connection to the same database.
Ideal solution:
To restrict SQL Lab access to specific tables at the Superset level, e.g. Superset should check user roles and ACLs and decide whether a table can be queried or not.
Is this possible?
Maybe consider implementing proper access control to your data with Ranger, and from Superset impersonate the logged-in user.
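
The "possible solution" from the question above (a database-level ACL plus a second Superset connection), sketched as an added example that is not part of the original thread. It assumes PostgreSQL; the role, schema and table names and the passwords are hypothetical placeholders.

```sql
-- Assumed engine: PostgreSQL. All role, schema and table names below are
-- hypothetical; replace the placeholder passwords before use.

-- One login role per Superset database connection.
CREATE ROLE superset_general   LOGIN PASSWORD 'placeholder-general';
CREATE ROLE superset_sensitive LOGIN PASSWORD 'placeholder-sensitive';

-- Move the sensitive table into its own schema so that schema-wide grants
-- on "public" can never pick it up by accident.
CREATE SCHEMA restricted;
ALTER TABLE public.salaries SET SCHEMA restricted;

-- General connection: the ordinary tables only. This sketch grants SELECT;
-- widen the privilege list if SQL Lab users also need to write.
GRANT USAGE ON SCHEMA public TO superset_general;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO superset_general;
-- Covers tables created later in "public" by the role running this script.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT ON TABLES TO superset_general;

-- Nothing in the restricted schema is reachable unless granted explicitly.
REVOKE ALL ON SCHEMA restricted FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA restricted FROM PUBLIC;

-- Sensitive connection: everything the general role has, plus the
-- restricted schema.
GRANT superset_general TO superset_sensitive;
GRANT USAGE ON SCHEMA restricted TO superset_sensitive;
GRANT SELECT ON ALL TABLES IN SCHEMA restricted TO superset_sensitive;

-- Verify the effective privileges of both roles on the sensitive table.
SELECT has_table_privilege('superset_general',   'restricted.salaries', 'SELECT')
           AS general_can_read,
       has_table_privilege('superset_sensitive', 'restricted.salaries', 'SELECT')
           AS sensitive_can_read;
```

In Superset, each login role backs its own database connection, and the "database access" permission on the sensitive connection is granted only to the role held by the few permitted users. Because the database enforces the ACL, it applies to direct SQL Lab queries as well as to charts.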

How to provide permission to the user to access only one column in the created Microsoft Lists?

I am new to Microsoft Lists and am trying to implement a library management system. I have prepared a list to show the book details using the 'From Excel' list. I need to restrict the permissions based on the user role (admin, client).
For example, if a user needs to request a book, there might be a column to access for the user to send a request for the desired book. So that, an admin will get notified of the request and take action.
Similarly, from the list I created, I need to provide permission to the user to access only one column. The rest of the columns can only be for view purposes.
Note: As I searched, I found we can set permissions like view, view and edit, and stop sharing the list, based on the roles of Members, Owners, and Visitors.
Could anyone please guide me on this?
Regards,
Vadivel
#Karthi,
It's not possible to configure column permission, the least permission is item-level. There is no column-level or view level permission.
Here are 2 possible solutions:
1. Make the target column read-only. Then develop another interface for the administrator to manage the data. For example, through the SharePoint REST API, we can turn the column back to editable and post updates, then immediately turn it to read-only.
   Check Set List Column Read Only in SharePoint using PowerShell
   How to update read only field
2. Hide the target column and make a calculated column, then set its value equal to the target column. The user will only see those calculated columns; any updates on the target column will be reflected in the calculated columns.
   Check Make SharePoint Columns read-only without coding