GitHub user dosubot[bot] closed the discussion with a comment: Is it possible to remove the field "query" in the result json ?
Hi @khashashin! I'm [Dosu](https://go.dosu.dev/dosubot) and I'm helping the superset team.

Superset currently removes the `query` field from the `/chart/data` API response for guest users, but this logic does not apply to other endpoints like the dataset API. In Superset 5.x, the dataset API still exposes the `query` (or `sql`) field to guest token users, and there is no global configuration to hide it automatically.

To prevent exposing sensitive information in embedded dashboards, you would need to implement custom backend logic to filter out sensitive fields for guest users in the dataset API, similar to what was done for `/chart/data` in [PR #30858](https://github.com/apache/superset/pull/30858).

Best practices for securing embedded dashboards include restricting guest role permissions, applying Row Level Security (RLS) rules, and validating guest token parameters, but these do not guarantee removal of sensitive fields from all API responses. If you need to fully prevent exposure, endpoint-specific code changes are required in Superset as of 5.x.

GitHub link: https://github.com/apache/superset/discussions/32765#discussioncomment-14687642
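The endpoint-specific filtering the comment describes, as an added example that is not Superset's code and not part of the original comment: a response filter that removes the `query` and `sql` keys at any depth for guest callers. The path prefix, the `is_guest` flag (supplied by the caller's own guest-token check) and the sample payload are assumptions made for this illustration.

```python
import json

# Field names are the ones named in the comment above; the path prefix and
# the sample payload are assumptions constructed for this example.
SENSITIVE_KEYS = frozenset({"query", "sql"})
GUARDED_PREFIXES = ("/api/v1/dataset/",)

# Constructed sample of a dataset-style JSON response (not real output).
SAMPLE = json.dumps({
    "id": 7,
    "result": {
        "table_name": "orders",
        "sql": "SELECT * FROM finance.orders WHERE region = 'EU'",
        "columns": [{"column_name": "total"}],
        "metrics": [{"metric_name": "count", "query": "COUNT(*)"}],
    },
}).encode("utf-8")


def strip_keys(node, keys=SENSITIVE_KEYS):
    """Return a copy of a decoded JSON value without the named keys, at any depth."""
    if isinstance(node, dict):
        return {k: strip_keys(v, keys) for k, v in node.items() if k not in keys}
    if isinstance(node, list):
        return [strip_keys(v, keys) for v in node]
    return node


def filter_response(path, content_type, body, is_guest):
    """Redact a JSON response body for guest callers on guarded endpoints.

    Fails closed: a guarded guest response that claims to be JSON but does
    not parse is replaced by an empty object rather than passed through.
    """
    if not is_guest or not path.startswith(GUARDED_PREFIXES):
        return body
    if "json" not in content_type.lower():
        return body
    try:
        decoded = json.loads(body)
    except ValueError:  # also covers undecodable bytes
        return b"{}"
    return json.dumps(strip_keys(decoded)).encode("utf-8")


if __name__ == "__main__":
    print(filter_response("/api/v1/dataset/7", "application/json", SAMPLE, True).decode())
```

A filter like this belongs in a response hook on the server, so the redaction happens before the body leaves the backend rather than in the embedding page.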
