Dashboard Feature Review #1420

Open
2 of 8 tasks
cbunicef opened this issue Oct 11, 2022 · 3 comments

@cbunicef
Collaborator

cbunicef commented Oct 11, 2022

Needed before MVP approval

  • We have "limit 10000" on our chart queries - does this cause problems when we have more than 1000 responses?
  • Superset users that are NOT Superset admins but ARE Wagtail admins, must be able to create and access datasets - @sheralim012 this is an issue I think I identified today during testing. Can non-admins create datasets? Do we need a helper account to create the datasets?

Changes needed after MVP

  • Must have by user permission structure when creating datasets
  • Creating dashboard should automatically take the IoGT account email address as the Superset login
  • Dashboard title via markdown block and total submissions like in this dashboard: https://superset-sandbox.iogt.site/superset/dashboard/5/
  • Must incorporate answer options where there were no responses, via metadata
  • Set "Bar Values" setting on Chart > Customize tab by default
  • Allow for sorting bars by "choices" order in dataset
@sheralim012
Contributor

  • We have "limit 10000" on our chart queries - does this cause problems when we have more than 1000 responses?

The "ROW LIMIT" on the chart applies to the data points on which aggregation is applied, not to data rows.

100k records are shown in the chart.

After limiting the rows on the chart, the data points for aggregation are reduced, not the data rows, and the chart still shows 100k records.

@sheralim012
Contributor

sheralim012 commented Oct 12, 2022

  • Superset users that are NOT Superset admins but ARE Wagtail admins, must be able to create and access datasets - @sheralim012 this is an issue I think I identified today during testing. Can non-admins create datasets? Do we need a helper account to create the datasets?
  • There are multiple roles in Superset, see here
  • Admin and Alpha users have access to generate dashboards, datasets, and charts out of the box
  • Gamma users need additional access permissions, see here
    • Gamma users must be given access to a specific database with dataset and chart read and write permission


@cbunicef
Collaborator Author

cbunicef commented Oct 13, 2022

Great, thanks @sheralim012, the rows issue seems like it won't be a problem.

Re datasets, here are the user stories which describe the problem:

As an IoGT PLATFORM ADMIN (eg at CO) I want to be able to press a button in IoGT which will create a Superset dashboard based on a questionnaire.

As an IoGT PLATFORM ADMIN I want to be able to view and modify the resulting dashboard and charts, and give access/modification permissions to other users.

As an IoGT PROJECT LEAD (eg me, my team, etc) I want to have access to view, modify, and change permissions on all datasets, dashboards and charts.

As an IoGT PROJECT LEAD I want for each IoGT PLATFORM ADMIN to ONLY have access to dashboards, charts, and datasets that correspond to their IoGT platform (unless I manually change permissions in Superset). This is to keep the environment clean for users.

As an IoGT PROJECT LEAD I want for each IoGT PLATFORM ADMIN to ONLY have access to use data within datasets, not to create datasets (unless I manually give permission). This is to protect against creating datasets from queries which are disruptive to the production database or don't incorporate the questionnaire-level permissions from Django (if we are implementing those through the dataset queries).

As an IoGT PROJECT LEAD I want for each IoGT PLATFORM ADMIN to NOT have access to change dataset configurations (unless I manually give permission). This is to prevent removal of the incorporated questionnaire-level permissions from Django (if we are implementing those through the dataset queries).

The key problem here is that a user needs to create a dataset via the automated dashboard function, but they also should not have permission to create a new dataset manually or edit existing datasets because that will allow them to sidestep the query-based permissions structure. Also - right now we only allow admins to use the dashboard tool, but longer-term this should be part of a lower-permission Analyst role, which may have access to questionnaire data only and not the rest of the platform database.

One possible way around this would be implementing the permissions query I designed combined with Jinja through Row Level Security, but I don't believe it's possible as RLS is only a WHERE statement. Jinja may also not work in RLS.

Another possible way is by having a "helper" system user (like we use for RapidPro integration). That user has permission to write datasets, and then gives access to the human user that created the dataset, who has read permission for datasets. Most likely that dataset access permission is done through roles eg giving access to that dataset to "IoGT Zambia Admin" "IoGT Zambia Analyst" roles which are manually assigned to Superset users.
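
A minimal model of the "helper" account idea described in the comment above, added here as an illustration (not code from the IoGT project or from Superset). The helper name, the Kenya roles and the dataset naming scheme are constructed assumptions; the point shown is that the helper derives the dataset from a fixed template and checks the requester's platform role, so the human user never holds dataset write permission.

```python
# Simplified, constructed model of the helper-account flow; not Superset or IoGT code.
from dataclasses import dataclass, field

DATASET_WRITE = ("can_write", "Dataset")  # Superset permission / view pair
DATASET_READ = ("can_read", "Dataset")

@dataclass
class Role:
    name: str
    perms: set = field(default_factory=set)

@dataclass
class User:
    name: str
    roles: list

    def has(self, perm):
        return any(perm in r.perms for r in self.roles)

def datasource_access(dataset):
    # Per-dataset grant, modelled on Superset's "datasource access" permission.
    return ("datasource_access", dataset)

def create_questionnaire_dataset(helper, requester, platform, questionnaire_id, roles):
    """The helper creates the dataset; the requester supplies an id, never SQL."""
    if roles[f"IoGT {platform} Admin"] not in requester.roles:
        raise PermissionError("requester is not an admin of this platform")
    if not helper.has(DATASET_WRITE):
        raise PermissionError("helper account lacks dataset write permission")
    # Hypothetical naming scheme: name built from a fixed template and an integer id.
    dataset = f"{platform.lower()}_questionnaire_{int(questionnaire_id)}"
    # Access is granted to the platform's roles, not to individual users.
    for suffix in ("Admin", "Analyst"):
        roles[f"IoGT {platform} {suffix}"].perms.add(datasource_access(dataset))
    return dataset

def build_demo():
    # Constructed sample roles and users for two platforms.
    roles = {f"IoGT {p} {s}": Role(f"IoGT {p} {s}", {DATASET_READ})
             for p in ("Zambia", "Kenya") for s in ("Admin", "Analyst")}
    helper = User("dashboard-helper",
                  [Role("Dataset Writer", {DATASET_READ, DATASET_WRITE})])
    zm_admin = User("zm_admin", [roles["IoGT Zambia Admin"]])
    ke_admin = User("ke_admin", [roles["IoGT Kenya Admin"]])
    return roles, helper, zm_admin, ke_admin
```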
