'Blocking export of data from Apache Superset
I am integrating Apache Superset into my application, and the most important thing for me is to not allow exporting of data outside of the application (sensitive data)
I have created a custom role, started with no permissions, and added only the necessary ones.
There are a few options I have not been able to block:
- I have removed all permissions related to exporting, but when viewing Charts, I am not able to export as CSV but am able to export as JSON (which is effectively the same in terms of the data)
- Also I have been able to remove the option to share as email and get shareable like for Dashboards, but not for Charts
I have also tried to block these endpoints on an infrastructure level (Superset is running on K8S behind Nginx) but blocking the superset-api/v1/api/*/export does not help at all because the export through the UI is from the endpoint superset-api/v1/api/*/data (which cannot be blocked because it is called to view the data)
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|