Security

Authentication

Every user has to be authenticated before using Superset: there are several ways in which this can be set up.

Webinterface

The default setting is to manually set up users via the Webinterface.

LDAP

Superset supports authentication of users against an LDAP server. This requires setting up an AuthenticationClass for the LDAP server. The AuthenticationClass is then referenced in the SupersetCluster resource as follows:

apiVersion: superset.stackable.tech/v1alpha1
kind: SupersetCluster
metadata:
  name: superset-with-ldap-server
spec:
  image:
    productVersion: 1.5.1
    stackableVersion: 23.4.0-rc2
  [...]
  authenticationConfig:
    authenticationClass: ldap    (1)
    userRegistrationRole: Admin  (2)
1 The reference to an AuthenticationClass called ldap
2 The default role to which all users are assigned

Users that log in with LDAP are assigned to a default Role which is specified with the userRegistrationRole property.

You can follow the Authentication with OpenLDAP tutorial to learn how to set up an AuthenticationClass for an LDAP server, as well as consulting the AuthenticationClass reference.

Authorization

Superset has a concept called Roles which allows you to grant user permissions based on roles. Have a look at the Superset documentation on Security.

Webinterface

You can view all the available roles in the Webinterface of Superset and can also assign users to these roles.

LDAP

Superset supports assigning Roles to users based on their LDAP group membership, though this is not yet supported by the Stackable operator. All the users logging in via LDAP get assigned to the same role which you can configure via the attribute authenticationConfig.userRegistrationRole on the SupersetCluster object:

apiVersion: superset.stackable.tech/v1alpha1
kind: SupersetCluster
metadata:
  name: superset-with-ldap-server
spec:
  [...]
  authenticationConfig:
    authenticationClass: ldap
    userRegistrationRole: Admin  (1)
1 All users are assigned to the Admin role