Feature: new permission model #724
Conversation
|
Awesome😍 |
arikfr
force-pushed
the
feature/permissions
branch
2 times, most recently
from
4997028
to
2732f6d
Compare
This is one huge change for the permissions system and related: * (Backward incompatible:) Remove the table based permissions in favour of the new model. * Manage permission to view or query datasources based on groups. * Add the concept of Organization. It's irrelevant for most deployments, but allows for multi-tenant support in re:dash. * Replace ActivityLog with Event based rows (old data in activity_log table is retained). * Enforce permissions on the server-side. There were some permissions that were only enforced on the client side. This is no more. All permissions are enforced by the server. * Added new permission: 'super-admin' to access the status and Flask-Admin interface. * Make sure that html is never cached by the browser - this is to make sure that the browser will always ask for the new Javascript/CSS resources (if such are available).
arikfr
force-pushed
the
feature/permissions
branch
from
19f3882
to
f7b57fa
Compare
arikfr
changed the title
arikfr
force-pushed
the
feature/permissions
branch
from
d291cd3
to
187be27
Compare
To avoid complications with how Google Auth works, when enabling organization multi-tenancy on a single instance, each organization becomes a "sub folder" instead of a sub-domain.
arikfr
force-pushed
the
feature/permissions
branch
from
187be27
to
7c6b95e
Compare
|
Curious if this will be added to the AWS images soon? I just launched mine and am trying to figure out how to implement access control . |
|
I'm planning to create new images tomorrow. But until then you can just run On Wednesday, 20 January 2016, Max Pleaner notifications@github.com wrote:
Arik Fraimovich |
|
Please be sure to update system patches on your AMI. The existing AMIs are old enough that they have some unpatched vulnerabilities. |
|
@Xangis sure. I'm always taking the latest Ubuntu base image. |
It will be great if it will be possible to set access to whole dashboard by groups. Example:
|
|
And one more thing - "read only" status to group. Users in this group can't edit/view SQL source :) |
|
While both groups will see that both dashboards exists, each group will be able to see the contents of only its own dashboards.
This already exists: you can set that a group has permission to only view queries on some (or all) data sources. |
I already try this, but users can view SQL query (only button "Execute" was disabled) and can edit charts. |
|
Is there any documentation on how to create "Organizations"? Thanks |
This pull request implements new permission model (explained below) and interface for adding groups and associating members with groups. It implements most of the functionality of #636, except for per query permissions.
New Permission Model
Until now each user had one or more groups associated with him, from which he derived the actions he permitted to do in the system (execute query, run query, create dashboard, etc). With this pull request I add another dimension to this: each datasource is associated with the groups that can access it, where access is either full access or just read access (read existing queries).
This simple model should allow a variety of use cases, but in the future I can see two enhancements to it:
How does it work?
What if I want to limit the user to only some tables?
The idea is to leverage your database's security model, and hence create a user with access to the tables/columns you want to give access to, create a datasource that is using this user and then associate it with a group of users who need this level of access.
Previously each group had a
tablesproperty, which was used for a similar purpose, this is now removed. It wasn't fully safe, and I believe it's better to rely on the database's security model. If you were using this, please update your datasources accordingly.Organizations
In this pull request I'm also introducing "Organizations", which is a way to partition data in your re:dash instance beyond groups. While groups allow you to manage who can access individual queries/datasources, the users and dashboards are visible to everyone. With an organization you can create a "silo", where each organization has its own users, datasources, dashboards and groups.
It's irrelevant to most of the users, and I tried to minimize the impact on the source code. Its purpose is to serve as basis for a hosted re:dash service (SaaS), I'm going to introduce (I will share more details soon).
Backward Incompatible Changes
There are some backward incompatible changes in this pull request:
tablesproperty in groups (and feature) was removed. If you used this, please create the relevant datasources when migrating.defaultandadmin, I recommend reviewing the changes and making sure that they don't affect you.(Closes #580)