GitHub user alccta created a discussion: [5.0] Guest token RLS not working 
using embedded Superset SDK after 4.1.3->5.0.0 upgrade

We have a React application using the @superset-ui/embedded-sdk. We make a POST 
to /security/guest_token with a payload like:

```
{
  resources: [{ type: "dashboard", id: 'DASHBOARD_ID'}],
  rls: [{"clause":"organisation_id = 'ORGANISATION_ID'"}],
  user: { username: "", first_name: "", last_name: "" },
}
```

Our JWT guest token contains something like:

```
{
  "user": {
    "username": "",
    "first_name": "",
    "last_name": ""
  },
  "resources": [
    {
      "type": "dashboard",
      "id": "DASHBOARD_ID"
    }
  ],
  "rls_rules": [
    {
      "clause": "organisation_id = 'ORGANISATION_ID'"
    }
  ],
  "iat": 1765381404.9507031,
  "exp": 1765385004.9507031,
  "aud": "http://0.0.0.0:8080/",
  "type": "guest"
}
```

In version 4.1.3, our clause is appended to all of the dataset queries in the 
dashboard. However, since upgrading to 5.0.0, the RLS clauses are no longer 
applied and instead we are seeing all of the data.

We have enabled logging in Superset to check the logs and can see that the 
guest token contains our clause in both v4.1.3 and v5.0.0, but the alchemy logs 
only show the clause being appended in v4.1.3. No other mentions of the RLS 
rule exist in the log that we could find.

We tried specifying the dataset in the guest_token payload but this has also 
not had any effect.

Does anyone have any ideas what the problem may be?

TLDR:
* Superset embedded dashboards were filtered using RLS clause in 4.1.3
* Upgraded to 5.0.0 and the RLS clauses are not added to the dataset queries



GitHub link: https://github.com/apache/superset/discussions/36494
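
The comparison described in the post (clause present in the token, absent from the logged SQL) can be scripted as a post-upgrade check. This is an added example, not part of the original message or Superset's code: it decodes the guest token's claims and flags SQL statements that lack the token's `rls_rules` clauses. The sample token, the `sales` table and the SQL statements are constructed, and substring matching is a heuristic assumption about how the clause appears in logged SQL.

```python
import base64
import json
import re

def jwt_claims(token: str) -> dict:
    """Decode a JWT's payload segment WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def _norm(sql: str) -> str:
    """Collapse whitespace and lowercase so formatting differences do not hide a match."""
    return re.sub(r"\s+", " ", sql).strip().lower()

def queries_missing_rls(token: str, sql_statements: list[str]) -> list[str]:
    """Return the SELECT/WITH statements that lack any rls_rules clause from the token."""
    clauses = [_norm(r["clause"]) for r in jwt_claims(token).get("rls_rules", [])]
    if not clauses:
        raise ValueError("guest token carries no rls_rules")
    missing = []
    for stmt in sql_statements:
        s = _norm(stmt)
        if s.startswith(("select", "with")) and not all(c in s for c in clauses):
            missing.append(stmt)
    return missing

def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "HS256", "typ": "JWT"})}.{enc(claims)}.constructed-signature'

# Constructed sample data mirroring the claims shown in the post.
SAMPLE_TOKEN = make_unsigned_token({
    "user": {"username": "", "first_name": "", "last_name": ""},
    "resources": [{"type": "dashboard", "id": "DASHBOARD_ID"}],
    "rls_rules": [{"clause": "organisation_id = 'ORGANISATION_ID'"}],
    "type": "guest",
})
SAMPLE_SQL = [  # constructed statements: the first is filtered, the second is not
    "SELECT region, sum(amount) FROM sales\nWHERE (organisation_id = 'ORGANISATION_ID') GROUP BY region",
    "SELECT region, sum(amount) FROM sales GROUP BY region",
]

if __name__ == "__main__":
    for stmt in queries_missing_rls(SAMPLE_TOKEN, SAMPLE_SQL):
        print("RLS clause missing from:", stmt)
```

A non-empty result for an embedded dashboard means guest users are being served unfiltered rows, so the check fits in an upgrade smoke test before the new version is exposed.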
