In our earlier blog, we have seen how to set up SSO with any identity system that you may have in your organization. In this blog we will look at how the roles and security model of Superset was leveraged to achieve the multi-tenancy that TurboApps needed.
To recap: TurboApps is the Turbo (Digital) Forms and low code platform that Unvired provides for Inspections, Safety Work Permits, Asset Management and many other use cases. TurboApps is available via a public cloud (SAAS) and can also be deployed either on a private cloud or datacenter for enterprises. The software deployed in all instances is the same and supports multi-tenancy as a standard feature. In order to embed the Superset analytics suite we had to extend the same model to Superset also. This was achieved by leveraging standard roles and security that is available in Superset. Before we understand how that was done, lets look at some concepts on which the model is built.
Read Part 1: Selecting An Analytics Solution For Turbo Forms
Roles: Superset provides users access to Datasets (tables / views which hold the data on which the visualization happens) using Roles. Roles determine the operations that a user can perform and also the datasets that they can see. A user can have multiple roles assigned to them. Superset by default is installed with two roles Gamma (restricted for users) and Alpha (for dashboard designers etc). These roles by default have access to all datasets and does not satisfy the restricted access that we need.
Row Level Security (RLS): Superset provides for additional row level security that allows datasets (assigned via roles) to be filtered by additional conditions. For e.g. lets say that tenants are identified in the table via a column TenantID. The RLS can be assigned to certain roles with the additional condition tenantID = 1 (for e.g.). This ensures that when a user with the role for Tenant 1 logs in, the additional RLS where clause is combined with an AND operator and only data that’s saved for TenantID = 1 is now served. Similarly RLS can be set up for each tenant with different IDs so that data can be partitioned accordingly.
Dashboard Role Based Access Control (RBAC): Superset via a feature flag, supports providing access to specific dashboards to specific roles. This allows TurboApps to have both standard dashboards and in addition provide custom dashboards for tenants that are available only to Administrators or Managers or both.
Now that’s behind us, let’s look at the implemented model for multi-tenancy:
- Turbo Apps primarily has two roles that need access to Superset dashboards viz. Administrators and Managers.
- Customize the Alpha (Admin) and Gamma (Manager) roles so that the minimum access is made available to view and work with dashboards and remove all dataset access.
- Create tenant-specific roles and assign dataset access.
- Create tenant-specific RLS and assign the tenant-specific roles to them.
- Create users via SSO and assign Alpha or Gamma based on role and the additional tenant-specific role.
- Assign access to all standard dashboards (RBAC) to Admins and Managers.
Customize Alpha and Gamma: For TurboApps usage we removed all write access for dashboards (for the public cloud) and additionally removed access to all datasets that these standard roles provide. These Alpha-Restricted and Gamma-Restricted roles were what was assigned to all users. The reason that we need to customize and not modify the standard roles is that whenever Superset is upgraded, the “superset init” command needs to be run. This resets all roles to their default values. The restricted Alpha and Gamma roles thus provide users with the ability to view dashboards, export CSV etc. but do not list the datasets that they need access to.
Tenant-specific roles: The tenant-specific roles (for e.g. Tenant-1-Manager and Tenant-1-Admin) provides access to the required datasets (tables, views, queries) and also has the attached RLS entries. Thus any user of a particular tenant will be able to view only their tenant data and also only those tables/views that they are allowed to. This ensures that all standard dashboards are allowed to be viewed and in addition any custom dashboards built for that tenant (using custom datasets) can also be viewed.
Provision Users: When users are auto-provisioned (check the earlier blog on SSO) they are assigned the Alpha or Gamma roles based on whether they are an Administrator or Manager in the TurboApps system. In addition, they are also assigned the Tenant-1-Admin or Tenant-1-Manager role to provide access to the required datasets.
Custom Dashboards: Custom dashboards can be built for tenants either using standard datasets or additional views or queries. The additional views and/or queries are assigned to the tenant specific role so that only users of that tenant have access to it. Additionally, the dashboards that are designed are also marked as accessible (RBAC) for the Tenant-1-Admin or the Tenant-1-Manager role.
Thus we can leverage Superset’s Roles, Row Level Security (RLS), and Dashboard Role-Based Access (RBAC) to ensure that each tenant can access only their dashboards and view only their data.
In the next blog, we will add a provisioning API that allows us to automate the above.