I have searched a lot about this question, there are no concrete answers to this.
I have a AWS Redshift DB, has around 6-7 schema' with 10-12 tables in each.
and dashboards are made within schema level as well as across schema.
here's the use case:
I have some users who needs to see only dashboards related to "schema 1" but not "schema 2"
I have some other users who are looking at dashboards which are connected to "schema 1" and as well as "schema 2", but m not able to find any workaround to this.
I have seen a thread saying that it's possible to give access to schema but they haven't mentioned that How.
https://github.com/apache/incubator-superset/issues/5483#issuecomment-494227986
As per the Superset documentation, you can not create access level on the schema but you can create access on data source level. Or you can create custom data sources and can create desired roles as per your need.
Refer: https://superset.incubator.apache.org/security.html#managing-gamma-per-data-source-access
Related
I am fairly new to PBI, and I want to create a powerBI dashboard and share it externally, meaning to different people (users) without a powerBI license. However, the data for each user is restricted based on their rights.
How can I best set this up? I'm thinking to either use a login system, or using different URLs per user. Right now some possible solutions I found are 1) Embedded PowerBi content using Azure, 2) using Row-level security (RLS) or 3) create different URLs based on a column value, and (somehow) have it restricted per user.
My apologies for this entry-level question, any tips are very welcome.
I have the following issue in AWS QuickSight: A user created a dataset through Athena. Everything worked fine. The user shared the dataset with another user granting him OWNER rights. Then the first user was deleted. Now the second user can't edit the dataset anymore. He can share it but the person it is shared to can't edit it either. The error message:
Hopefully this can be solved by the Quicksight account Admin using the Quicksight UI to add dataset editing permission to this user as shown here.
Or it may well be that the new Owner does not have the required IAM permissions such as quicksight:UpdateDataSet IAM permission, see the docs.
What does it say when you click the "Show details" link in the screenshot above?
This is quite a mess to be honest. The data sources in QuickSight are connected to the user who created it. They inherit their access roles from whoever created them. This is not accessible through the API though I think it is mentioned in the documentation somewhere. Thus it can't be changed.
So when we deleted the users who originally created the data sources they ceased working along with the data sets based on them.
Our solution for this was that we created "standard" data sources with a technical user - this was not such a big deal because we exclusively use Athena - and then recreated all the data sets and switched them to the new standard data sources - this was a big deal because analysts had to switch data sets in their analysis / dashboards.
To me this shows that QuickSight is not quite complete as a analytics platform in large companies. The API is not quite there.
I've searched the documentation a lot, but couldn't find anything that allows me to do the following:
Allow creating a role which allows full table access to tables with certain table names only (ex.: "table1", etc.) that'll be created in future. This should work across all available datasets in a GCP project, and also the ones that'll be created in future.
Is this possible? If not directly, indirectly maybe?
Thanks..
The simplest way to do that would be to create a dataset for housing such tables, and set the access appropriate to what you need. Tables requiring a different set of policies should be housed in other datasets.
More information here: https://cloud.google.com/bigquery/docs/dataset-access-controls
I am using druid to store data for creating dashboard over superset. Now, I want to use the same cluster to store data for other project which is not completely different. But we want to segregate datasources of both the projects.
Is there a way to create database/keyspace sort of thing to segregate datasources of two different project in druid?
Multiple way to work with this use case.
Easiest one create multiple datasources into superset. Based on the same connection to druid.
Then create roles to provide access to this datasources. Then end user will have 1 or multiple roles. Each role providing data from druid but from different perspective. Every user will be able to create his own dash based on this dataset if allowed by role.
Other way is to user row security level. Each row has a specific tag. Each user is configured to have access to 1 or many tags. This approch allow you to have the same dash for all users
More ressources here => https://superset.apache.org/docs/security
I have created a Dataflow in power bi service. Now my client's requirements is that they want to take the data from the dataflow as per the roles. There is a user table where roles are already defined. My question is that without the relation between tables, how I am supposed to filter the data from all the tables? Is it possible at all? Or how can I make relationship of the tables in dataflow? Or any alternate procedure to take the data from dataflow as per the roles. Help me pls. Thanks in advance.
If your data supports it, for example some sort of mapping between the user and the data they are allowed to see, you will need to use Row Level Security to restrict what the end users see in the report. You will make the relationship between your dataflow and mapping table in Power BI, not the dataflow.
If you mean restricting access to the data in the dataflow based on their role, for example the user creates a report it only loads what they are allowed to see, then this functionality is not supported.
Hope that helps