fix(embedded): prevent double RLS application in virtual datasets

[YuriyKrasilnikov]

User description

Summary

Fixes #37359: Guest users in embedded dashboards can now use virtual datasets without SQL errors.

Before: Guest RLS applied twice → SQL errors like Unknown expression or function identifier 'my_table.tenant_id'
After: Guest RLS applied once → Virtual datasets work correctly

Problem Analysis

Root Cause (Verified by Code Trace)

get_sqla_row_level_filters() includes guest RLS for every call, but for virtual datasets it's called twice:

1. get_sqla_query() for virtual dataset
   ↓
2. get_from_clause() → apply_rls() → get_predicates_for_table()
   ↓
3. dataset.get_sqla_row_level_filters() ← INCLUDES GUEST RLS (models.py:758-763)
   ↓
4. Guest RLS applied to underlying tables in virtual dataset SQL
   ↓
5. Return to get_sqla_query()
   ↓
6. self.get_sqla_row_level_filters() ← INCLUDES GUEST RLS AGAIN (helpers.py:3198)
   ↓
7. Guest RLS applied to outer WHERE clause
   ↓
8. DOUBLE APPLICATION!

Key Code Locations

File	Lines	Description
superset/models/helpers.py	2052-2057	apply_rls() call in get_from_clause()
superset/utils/rls.py	108	dataset.get_sqla_row_level_filters() call
superset/connectors/sqla/models.py	758-763	Guest RLS addition
superset/models/helpers.py	3198	Outer query RLS call

Why This Happens

Global guest RLS rules (without dataset ID) match both:

• The underlying physical table dataset
• The virtual dataset itself

Both get guest RLS added → double application.

Solution: Separate Method Pattern

Architecture Decision

Evaluated 3 options:

Option	Approach	Risk	Chosen
A	Add parameter to public API	Breaks plugins, 36 test mocks	❌
B	Tracking mechanism (like PR #35890)	Complex, many files	❌
C	Separate internal method	Safe, backwards compatible	✅

Implementation

1. Extract internal method with include_guest_rls parameter:

def get_sqla_row_level_filters(self, template_processor=None):
    """Public API - always includes guest RLS (backwards compatible)"""
    return self._get_sqla_row_level_filters_internal(
        template_processor, include_guest_rls=True
    )

def _get_sqla_row_level_filters_internal(
    self, template_processor=None, include_guest_rls=True
):
    """Internal method with optional guest RLS exclusion"""
    # ... implementation with include_guest_rls check ...

2. Call internal method from get_predicates_for_table():

# Exclude guest RLS for underlying tables to prevent double application
for predicate in dataset._get_sqla_row_level_filters_internal(
    include_guest_rls=False
)

Why Separate Method Pattern?

Risk	Separate Method	Parameter in Public API
Breaking plugins	✅ None	❌ Breaks
Accidental RLS bypass	✅ Protected	❌ Possible
API backwards compatibility	✅ 100%	⚠️ Partial
Test mock updates	✅ Minimal	❌ 36 locations

Security Analysis

Aspect	Status
Regular RLS on underlying tables	✅ Still applied
Guest RLS on outer query	✅ Still applied
Guest RLS bypass possible	❌ No - internal method protected

Mathematical model unchanged: RLS(query) = RLS(underlying) AND RLS(outer)

Related Issues/PRs

• Regression from: PR fix: RLS in virtual datasets #36061 (fix: RLS in virtual datasets)
• Similar fix pattern: PR fix(datasets): prevent double time filter application in virtual datasets #35890 (double time filter)
• SQL Lab: Not affected (guest users cannot access SQL Lab)

Testing

New Tests (6 tests, all pass)

• test_public_api_includes_guest_rls - Backwards compatibility
• test_internal_api_excludes_guest_rls_when_requested - Core fix
• test_internal_api_includes_guest_rls_by_default - Default behavior
• test_regular_rls_always_included - Security
• test_guest_rls_skipped_when_feature_disabled - Feature flag
• test_filter_grouping_preserved - Edge case

Files Changed

• superset/connectors/sqla/models.py - Refactor method
• superset/utils/rls.py - Call internal method
• tests/unit_tests/models/test_double_rls_virtual_dataset.py - New tests

How To Test Manually

1. Create virtual dataset: SELECT * FROM physical_table
2. Create dashboard with chart using virtual dataset
3. Get guest token with global RLS rule: {"clause": "tenant_id = 123"}
4. Open embedded dashboard
5. Before fix: SQL error with alias mismatch
6. After fix: Chart renders correctly

Checklist

• Refactored to Separate Method pattern (safe, backwards compatible)
• 6 unit tests covering all scenarios
• All tests pass
• MyPy type checking passes
• No changes to public API

---

CodeAnt-AI Description

Prevent double application of guest RLS filters for virtual datasets

What Changed

• Global (unscoped) guest row-level security (RLS) rules are excluded when computing predicates for underlying physical tables used by virtual datasets, preventing the same guest rule from being applied twice (inner and outer queries).
• Added an option to include or exclude global guest RLS when retrieving dataset RLS; internal calls that analyze physical tables now exclude global guest RLS while still applying dataset-scoped guest rules and all regular RLS.
• Added and updated unit tests to verify: scoped guest rules apply to the correct table, global guest rules are excluded from inner SQL path, regular RLS is always applied, feature-flag behavior is respected, and the new internal call is used by SQL Lab helpers.

Impact

✅ Fewer SQL errors for guest users in embedded dashboards
✅ Fewer double-applied guest RLS filters in virtual datasets
✅ More accurate filtering for virtual-dataset queries

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[bito-code-review]

Code Review Agent Run #a80900

Actionable Suggestions - 0

Additional Suggestions - 1

• tests/unit_tests/models/test_double_rls_virtual_dataset.py - 1

  • Test intent mismatch · Line 46-86
    The test function name and docstring claim to test the public API get_sqla_row_level_filters(), but the code calls the internal _get_sqla_row_level_filters_internal() method instead. This mismatch could mislead reviewers and hide issues in the public wrapper.

Review Details

• Files reviewed - 3 · Commit Range: b8c3448..b8c3448

  • superset/connectors/sqla/models.py
  • superset/utils/rls.py
  • tests/unit_tests/models/test_double_rls_virtual_dataset.py
• Files skipped - 0
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful
  • MyPy (Static Code Analysis) - ✔︎ Successful
  • Astral Ruff (Static Code Analysis) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by

[netlify]

✅ Deploy Preview for superset-docs-preview ready!

Name	Link
🔨 Latest commit	b8c3448
🔍 Latest deploy log	https://app.netlify.com/projects/superset-docs-preview/deploys/69737b0634e27f00080c6c18
😎 Deploy Preview	https://deploy-preview-37395--superset-docs-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[YuriyKrasilnikov]

Response to bito-code-review suggestion

Analysis of the suggestion

The bot noted that test_public_api_includes_guest_rls name suggests testing public API, but the code calls internal method.

Investigation of Superset test naming patterns:

# Examples from codebase:
test_csv_reader_cast_column_types_function  # tests _cast_column_types
test_get_sqla_engine_user_impersonation     # tests internal behavior
test_query_context_modified_tampered        # describes scenario

Superset pattern: test_<functionality>_<scenario> — no "public_api" or "internal_api" prefixes.

Changes made

Renamed tests to follow Superset naming convention:

Old Name	New Name
test_public_api_includes_guest_rls	test_rls_filters_include_guest_when_enabled
test_internal_api_excludes_guest_rls_when_requested	test_rls_filters_exclude_guest_when_requested
test_internal_api_includes_guest_rls_by_default	test_rls_filters_include_guest_by_default

Method naming verification

The internal method name _get_sqla_row_level_filters_internal follows existing Superset patterns:

• _get_chart_preview_internal (mcp_service/chart/tool/get_chart_preview.py)
• _get_screenshot_internal (mcp_service/screenshot/pooled_screenshot.py)

All 6 tests pass after renaming.

[bito-code-review]

Code Review Agent Run #cc567f

Actionable Suggestions - 0

Review Details

• Files reviewed - 3 · Commit Range: b8c3448..01932f6

  • superset/connectors/sqla/models.py
  • superset/utils/rls.py
  • tests/unit_tests/models/test_double_rls_virtual_dataset.py
• Files skipped - 0
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful
  • MyPy (Static Code Analysis) - ✔︎ Successful
  • Astral Ruff (Static Code Analysis) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by

[codecov]

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.42%. Comparing base (fe7f220) to head (af1136e).
⚠️ Report is 10 commits behind head on master.

Files with missing lines	Patch %	Lines
superset/connectors/sqla/models.py	0.00%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #37395      +/-   ##
==========================================
- Coverage   65.02%   64.42%   -0.61%     
==========================================
  Files        1817     2529     +712     
  Lines       72268   128842   +56574     
  Branches    23017    29694    +6677     
==========================================
+ Hits        46990    83002   +36012     
- Misses      25278    44395   +19117     
- Partials        0     1445    +1445     

Flag	Coverage Δ
hive	40.77% <0.00%> (?)
mysql	61.93% <0.00%> (?)
postgres	62.00% <0.00%> (?)
presto	40.79% <0.00%> (?)
python	63.62% <0.00%> (?)
sqlite	61.63% <0.00%> (?)
unit	100.00% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[YuriyKrasilnikov]

CI Fix

Fixed the failing test_get_predicates_for_table unit test.

Root cause: The test was mocking get_sqla_row_level_filters() but the implementation now calls _get_sqla_row_level_filters_internal(include_guest_rls=False). Updated the mock to use the correct internal method.

---

Note on pre-commit failure: The pre-commit (previous) check failed due to an infrastructure issue (Broken pipe during helm-docs installation via brew), not related to this PR's changes.

[YuriyKrasilnikov]

Response to codeant-ai bot suggestions

1. rls.py:114 - "Logic/security regression"

The bot's concern is incorrect. The change is intentional and does NOT disable guest RLS globally.

Architecture:

• get_predicates_for_table() is called only for underlying tables in virtual dataset SQL (via apply_rls())
• Guest RLS for the virtual dataset itself is applied separately in get_sqla_query() line 3198 via get_sqla_row_level_filters() which always calls _get_sqla_row_level_filters_internal(include_guest_rls=True)

Flow:

1. get_from_clause() → apply_rls() → underlying tables get regular RLS only (no guest RLS)
2. get_sqla_query() → get_sqla_row_level_filters() → virtual dataset gets guest RLS

This prevents double application of guest RLS (the bug described in #37359), while ensuring guest RLS is still applied exactly once at the correct level.

---

2-4. test_double_rls_virtual_dataset.py - "with (patch(...),) tuple syntax"

The bot is incorrect. The syntax with (patch(...), patch(...)): is valid Python 3.10+ syntax per PEP 617. Superset CI uses Python 3.10/3.11 where this is fully supported.

[bito-code-review]

Code Review Agent Run #b25117

Actionable Suggestions - 0

Review Details

• Files reviewed - 4 · Commit Range: 01932f6..68c8087

  • superset/connectors/sqla/models.py
  • superset/utils/rls.py
  • tests/unit_tests/models/test_double_rls_virtual_dataset.py
  • tests/unit_tests/sql_lab_test.py
• Files skipped - 0
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful
  • MyPy (Static Code Analysis) - ✔︎ Successful
  • Astral Ruff (Static Code Analysis) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by

[E87Lq5]

up, please!

[mikkhait]

+1

[YuriyKrasilnikov]

Rebased on latest upstream/master. Did an additional code review and found room for improvement:

• Removed the private _get_sqla_row_level_filters_internal method, replaced it with an include_global_guest_rls parameter on the public get_sqla_row_level_filters(). The original include_guest_rls=False was a binary switch that dropped all guest rules from inner SQL, including dataset-scoped ones. But dataset-scoped guest rules target a specific physical dataset and won't match on the outer query (rule.dataset=PD.id ≠ VD.id) — so they were silently lost. The new parameter skips only global (unscoped) guest rules that cause the duplication. Dataset-scoped rules always pass through.
• Added 4 integration tests for guest RLS scoping through virtual datasets, including full-path tests via get_predicates_for_table() for both scoped and global rules.
• Updated test_get_predicates_for_table to verify include_global_guest_rls=False is passed.

Production code diff: +2 lines in models.py, +2 lines in rls.py, +1 line in helpers.py.

[bito-code-review]

Code Review Agent Run #377fa6

Actionable Suggestions - 0

Additional Suggestions - 1

• tests/unit_tests/security/guest_rls_test.py - 1

  • Missing return type hint · Line 61-61
    The _guest_rls_filter function lacks an explicit return type hint, which violates the requirement for all functions and methods to include type hints for better code consistency and static type checking.
    Code suggestion

     @@ -25,1 +25,2 @@
      from __future__ import annotations
    +from typing import Callable
     @@ -61,1 +62,1 @@
    -def _guest_rls_filter(guest_user: GuestUser):
    +def _guest_rls_filter(guest_user: GuestUser) -> Callable[[MagicMock], list[dict]]:

Review Details

• Files reviewed - 6 · Commit Range: 68c8087..ef320ba

  • superset/connectors/sqla/models.py
  • superset/models/helpers.py
  • superset/utils/rls.py
  • tests/unit_tests/models/test_double_rls_virtual_dataset.py
  • tests/unit_tests/security/guest_rls_test.py
  • tests/unit_tests/sql_lab_test.py
• Files skipped - 0
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful
  • MyPy (Static Code Analysis) - ✔︎ Successful
  • Astral Ruff (Static Code Analysis) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by

[codeant-ai-for-open-source]

Sequence Diagram

This PR changes how row level security is applied for guest users querying virtual datasets, ensuring global guest RLS rules are applied only once on the outer virtual dataset query instead of being duplicated on both underlying tables and the outer query.

sequenceDiagram
    participant GuestUser
    participant EmbeddedDashboard
    participant Backend
    participant RLSEngine
    participant Database

    GuestUser->>EmbeddedDashboard: Open embedded virtual dataset chart
    EmbeddedDashboard->>Backend: Request virtual dataset query
    Backend->>RLSEngine: Build predicates for physical tables (exclude global guest RLS)
    RLSEngine-->>Backend: Predicates with regular and scoped guest RLS
    Backend->>RLSEngine: Get RLS for virtual dataset (include global guest RLS)
    RLSEngine-->>Backend: Combined regular and global guest RLS filters
    Backend->>Database: Execute virtual dataset SQL with single guest RLS application
    Database-->>Backend: Filtered rows
    Backend-->>EmbeddedDashboard: Chart data for guest user

Loading

---

Generated by CodeAnt AI

[YuriyKrasilnikov]

The sequence diagram is accurate. One nuance worth clarifying: in step 3, dataset-scoped guest RLS rules are included in the physical table predicates only when rule["dataset"] matches the physical dataset ID. Global (unscoped) guest rules are excluded here because they would also match the outer virtual dataset query, causing duplication. Dataset-scoped rules don't have this problem — they target a specific physical dataset and won't match on the outer query (rule.dataset = PD.id ≠ VD.id), so they must be applied at the inner level or they'd be silently lost.

[bito-code-review]

Code Review Agent Run #02c86b

Actionable Suggestions - 0

Review Details

• Files reviewed - 6 · Commit Range: b8c3448..af1136e

  • superset/connectors/sqla/models.py
  • superset/models/helpers.py
  • superset/utils/rls.py
  • tests/unit_tests/models/test_double_rls_virtual_dataset.py
  • tests/unit_tests/security/guest_rls_test.py
  • tests/unit_tests/sql_lab_test.py
• Files skipped - 0
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful
  • MyPy (Static Code Analysis) - ✔︎ Successful
  • Astral Ruff (Static Code Analysis) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by

[kgabryje]

thanks for the contriubion @YuriyKrasilnikov !