dosubot[bot] commented on issue #36019: URL: https://github.com/apache/superset/issues/36019#issuecomment-3496131318
Superset determines which database user runs queries using the impersonation setting on the database connection. If the ClickHouse database in Superset is not configured with impersonation enabled, all queries—including those triggered by dashboard viewers—run under the credentials set in the connection (often the dashboard owner's). This is why User2 can see data they shouldn't when accessing a shared dashboard.

To ensure queries execute with the current viewer's access rights, set the `impersonate_user` flag to `True` on your ClickHouse database connection in Superset. This tells Superset to use the logged-in user's identity for query execution, so ClickHouse enforces the correct permissions for each viewer. Dataset co-ownership or dashboard sharing does not affect the database credentials used—only the impersonation setting on the database connection does.

Note: The ClickHouse connector in Superset uses the username and password from the connection settings, and there is no evidence of dynamic credential switching per user unless impersonation is enabled at the database level. If your ClickHouse setup requires more advanced per-user credential handling, you may need to extend the engine spec or connection logic to support it, but out of the box, enabling impersonation is the supported approach.

For reference, see the impersonation logic in the Superset codebase:

- [Database class and impersonate_user flag](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/models/core.py#L129-L1172)
- [Impersonation handling in engine specs](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/db_engine_specs/base.py#L1678-L1778)
- [ClickHouse connection parameters](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/db_engine_specs/clickhouse.py#L200-L432)

Set `impersonate_user=True` on your ClickHouse database in Superset to resolve this issue.
