diff --git a/superset/config.py b/superset/config.py
index ae81cfcb6e40..c9b8607e3e6f 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -377,6 +377,22 @@ class CeleryConfig(object):
 # an XSS security vulnerability
 ENABLE_JAVASCRIPT_CONTROLS = False
 
+# A callable that allows altering the database conneciton URL and params
+# on the fly, at runtime. This allows for things like impersonation or
+# arbitrary logic. For instance you can wire different users to
+# use different connection parameters, or pass their email address as the
+# username. The function receives the connection uri object, connection
+# params, and user object, and returns the mutated uri and params objects.
+# Example:
+#   def DB_CONNECTION_MUTATOR(uri, params, user):
+#       if user and user.email:
+#           uri.username = user.email
+#       return uri, params
+#
+# Note that the returned uri and params are passed directly to sqlalchemy's
+# as such `create_engine(url, **params)`
+DB_CONNECTION_MUTATOR = None
+
 try:
     if CONFIG_PATH_ENV_VAR in os.environ:
         # Explicitly import config module that is not in pythonpath; useful
diff --git a/superset/models/core.py b/superset/models/core.py
index b4dbada947f4..41d8742b65b7 100644
--- a/superset/models/core.py
+++ b/superset/models/core.py
@@ -675,6 +675,9 @@ def get_sqla_engine(self, schema=None, nullpool=True, user_name=None):
         if configuration:
             params['connect_args'] = {'configuration': configuration}
 
+        DB_CONNECTION_MUTATOR = config.get('DB_CONNECTION_MUTATOR')
+        if DB_CONNECTION_MUTATOR:
+            url, params = DB_CONNECTION_MUTATOR(url, params, g.user)
         return create_engine(url, **params)
 
     def get_reserved_words(self):