GitHub user mergisi added a comment to the discussion: Set database transaction params
Great question about implementing database-level RLS with session variables!
This is a common challenge when working with embedded dashboards.
A few additional tips that might help:
1. **MUTATE_AFTER_SPLIT = True** is crucial when using `SET LOCAL` statements,
as the mutator needs to run per-statement rather than on the whole query batch.
2. For PostgreSQL specifically, the `SET LOCAL` approach with `jwt.claims.*` is
elegant because it's transaction-scoped - the variables automatically reset
after each query, preventing any security leaks between requests.
3. If you're debugging why the mutator isn't called, try adding logging at the
very start of your function and check Superset's worker logs (not just the web
server logs).
4. An alternative approach I've seen work well: use database views with
`current_setting('app.user_id')` in the WHERE clause, then your RLS logic lives
entirely in the database layer.
For testing complex SQL patterns like these session variable injections, I
often use [ai2sql.io](https://ai2sql.io) to quickly validate and generate the
correct SQL syntax before implementing in the mutator - especially helpful when
dealing with database-specific nuances between PostgreSQL, MySQL, etc.
Hope this helps! Let us know if you get it working.
GitHub link:
https://github.com/apache/superset/discussions/37498#discussioncomment-15664185
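
An added example, not part of the comment above and not Superset's own code: one way to build the per-statement `SET LOCAL` prefix so that the user identifier cannot break out of the SQL literal. The names `make_mutator`, `rls_prefix`, `get_user_id` and the `orders` table and view are hypothetical; the sketch assumes the mutator has the `(sql, **kwargs)` shape of `SQL_QUERY_MUTATOR` and that the prefix and the query run in the same transaction.

```python
import re
from typing import Any, Callable

# Allow-list for the value written into the session variable. Anything else is
# rejected, so a crafted identifier can never terminate the SQL string literal.
_SAFE_ID = re.compile(r"[A-Za-z0-9_.@-]{1,64}")

# Setting name taken from tip 4 in the comment above.
SETTING = "app.user_id"


def rls_prefix(user_id: str) -> str:
    """Return the SET LOCAL statement for one user, or raise (fail closed)."""
    if not isinstance(user_id, str) or not _SAFE_ID.fullmatch(user_id):
        raise ValueError("refusing to build SET LOCAL for an unsafe user id")
    return f"SET LOCAL {SETTING} = '{user_id}';"


def make_mutator(get_user_id: Callable[[], str]) -> Callable[..., str]:
    """Build a function shaped like SQL_QUERY_MUTATOR(sql, **kwargs).

    get_user_id is a hypothetical callable supplied by the deployment; how the
    current user is resolved is outside this sketch.
    """
    def mutator(sql: str, **kwargs: Any) -> str:
        # Raises before any SQL is returned if the identifier is not safe,
        # so the query never runs without its row filter in place.
        return f"{rls_prefix(get_user_id())}\n{sql}"
    return mutator


# Hypothetical view for tip 4. With missing_ok = true, current_setting()
# returns NULL when the variable is unset, so the view yields no rows.
VIEW_DDL = """
CREATE VIEW orders_for_user AS
SELECT * FROM orders
WHERE owner_id = current_setting('app.user_id', true);
"""

if __name__ == "__main__":
    mutate = make_mutator(lambda: "alice@example.com")  # constructed sample user
    print(mutate("SELECT * FROM orders_for_user"))
```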