betodealmeida commented on issue #31183:
URL: https://github.com/apache/superset/issues/31183#issuecomment-2513054364

   > This error occurred for users to whom I assigned specific permissions on the `dbo` schema only. When I changed the permissions to full access for the entire database `id:`, the issue was resolved. I noticed that this problem only happens with the `mssql.py` engine, while the others (MySQL, PostgreSQL, and Oracle) are working fine.
   
   Right, we need to parse the query in order to determine which 
catalogs/schemas/tables are being accessed when the user doesn't have full 
access to the database. If the user has full access we just don't parse the 
query.
   
   In the past this was done using `sqlparse`, which is very lenient, so it was 
much harder to get an error when parsing SQL. The problem was that it was much 
easier to trick the parser, and the parsing was not dialect-specific, so we had 
many security holes.
   
   We're currently in the process of switching the parsing to `sqlglot`, which 
has dialect-specific parsing. Unfortunately some engines don't have 
corresponding `sqlglot` dialects, and we have to fall back to a generic parser.
   
   For MSSQL we use the T-SQL dialect, which AFAIK is the correct one. If you 
can share the query that's causing problems (anonymized is fine) we can take a 
look, and file a ticket upstream with `sqlglot`.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

