Is anyone try to implement Multi-Tenancy in Apache Superset

Question

I tried by cloning from the Github project, but it's not worked for me. Is any other way to achieve multi-tenancy in Apache superset. I tried from this source https://github.com/apache/incubator-superset/pull/3729/files/5a063f37d77efc0d4a50ba8406a62e8eee4964ed . But I didn't achieve multi-tenancy. I got stuck with these errors.

Traceback (most recent call last):
  File "C:\Users\ELCOT\AppData\Local\Programs\Python\Python36\lib\runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "C:\Users\ELCOT\AppData\Local\Programs\Python\Python36\lib\runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "D:\myfolder\my-superset\venv\Scripts\flask.exe\__main__.py", line 9, in <module>
  File "d:\myfolder\my-superset\venv\lib\site-packages\flask\cli.py", line 967, in main
    cli.main(args=sys.argv[1:], prog_name="python -m flask" if as_module else None)
  File "d:\myfolder\my-superset\venv\lib\site-packages\flask\cli.py", line 586, in main
    return super(FlaskGroup, self).main(*args, **kwargs)
  File "d:\myfolder\my-superset\venv\lib\site-packages\click\core.py", line 782, in main
    rv = self.invoke(ctx)
  File "d:\myfolder\my-superset\venv\lib\site-packages\click\core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "d:\myfolder\my-superset\venv\lib\site-packages\click\core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "d:\myfolder\my-superset\venv\lib\site-packages\click\core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "d:\myfolder\my-superset\venv\lib\site-packages\click\core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "d:\myfolder\my-superset\venv\lib\site-packages\click\decorators.py", line 21, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "d:\myfolder\my-superset\venv\lib\site-packages\flask\cli.py", line 425, in decorator
    with __ctx.ensure_object(ScriptInfo).load_app().app_context():
  File "d:\myfolder\my-superset\venv\lib\site-packages\flask\cli.py", line 388, in load_app
    app = locate_app(self, import_name, name)
  File "d:\myfolder\my-superset\venv\lib\site-packages\flask\cli.py", line 240, in locate_app
    __import__(module_name)
  File "D:\myfolder\my-superset\Apache-superset-multi_tenancy_new\superset\__init__.py", line 22, in <module>
    from superset.multi_tenant import MultiTenantSecurityManager
  File "D:\myfolder\my-superset\Apache-superset-multi_tenancy_new\superset\multi_tenant.py", line 9, in <module>
    class MultiTenantUser(User):
  File "d:\myfolder\my-superset\venv\lib\site-packages\flask_sqlalchemy\model.py", line 67, in __init__
    super(NameMetaMixin, cls).__init__(name, bases, d)
  File "d:\myfolder\my-superset\venv\lib\site-packages\flask_sqlalchemy\model.py", line 121, in __init__
    super(BindMetaMixin, cls).__init__(name, bases, d)
  File "d:\myfolder\my-superset\venv\lib\site-packages\sqlalchemy\ext\declarative\api.py", line 75, in __init__
    _as_declarative(cls, classname, cls.__dict__)
  File "d:\myfolder\my-superset\venv\lib\site-packages\sqlalchemy\ext\declarative\base.py", line 131, in _as_declarative
    _MapperConfig.setup_mapping(cls, classname, dict_)
  File "d:\myfolder\my-superset\venv\lib\site-packages\sqlalchemy\ext\declarative\base.py", line 160, in setup_mapping
    cfg_cls(cls_, classname, dict_)
  File "d:\myfolder\my-superset\venv\lib\site-packages\sqlalchemy\ext\declarative\base.py", line 192, in __init__
    self._setup_inheritance()
  File "d:\myfolder\my-superset\venv\lib\site-packages\sqlalchemy\ext\declarative\base.py", line 601, in _setup_inheritance
    "Can't place __table_args__ on an inherited class "
sqlalchemy.exc.ArgumentError: Can't place __table_args__ on an inherited class with no table.

I am unable to find any solution regarding this error.

Answer 1

There's a new feature called "Row Level Security (RLS).

https://github.com/apache/incubator-superset/pull/8699

It's was merged in release 0.36 but had a bug, so was excluded last minute and shifted to 0.37. It's disabled by default and can be enabled in the config file superset_config.py :

ENABLE_ROW_LEVEL_SECURITY = True

You'll find some menu item in "security" which will allow you to add custom filters that will be added to queries. It's configured by datasource and filters can be dependant on user roles. SQL is free and thus very flexible. So the main tenant logic needs to be applied to your tenant model in the SQL.

You can also use JINJA scripting, but you're limited to supersets own variables here as self defined vars will live on a different machine (UI vs backend aka celery worker).

The feature is used in different production environments already (this info is from the dev list).