diff --git a/docs/docs/security/security.mdx b/docs/docs/security/security.mdx index d6655477609..1b2aa8fd240 100644 --- a/docs/docs/security/security.mdx +++ b/docs/docs/security/security.mdx 
@@ -64,6 +64,26 @@ tables in the **Permissions** dropdown. To select the data sources you want to a You can then confirm with users assigned to the **Gamma** role that they see the objects (dashboards and slices) associated with the tables you just extended them. +### SQL Execution Security Considerations + +Apache Superset includes features designed to provide safeguards when interacting with connected databases, such as the `DISALLOWED_SQL_FUNCTIONS` configuration setting. This aims to prevent the execution of potentially harmful database functions or system variables directly from Superset interfaces like SQL Lab. + +However, it is crucial to understand the following: + +**Superset is Not a Database Firewall**: Superset's built-in checks, like `DISALLOWED_SQL_FUNCTIONS`, provide a layer of protection but cannot guarantee complete security against all database-level threats or advanced bypass techniques (like specific comment injection methods). They should be viewed as a supplement to, not a replacement for, robust database security. + +**Configuration is Key**: The effectiveness of Superset's safeguards heavily depends on proper configuration by the Superset administrator. This includes maintaining the `DISALLOWED_SQL_FUNCTIONS` list, carefully managing feature flags (like `ENABLE_TEMPLATE_PROCESSING`), and configuring other security settings appropriately. + +**Database Security is Paramount**: The ultimate responsibility for securing database access, controlling permissions, and preventing unauthorized function execution lies with the database administrators (DBAs) and security teams managing the underlying database instance. + +**Recommended Database Practices**: We strongly recommend implementing security best practices at the database level, including: +* **Least Privilege**: Connecting Superset using dedicated database user accounts with the minimum permissions required for Superset's operation (typically read-only access to necessary schemas/tables). 
+* **Database Roles & Permissions**: Utilizing database-native roles and permissions to restrict access to sensitive functions, system variables (like `@@hostname`), schemas, or tables. +* **Network Security**: Employing network-level controls like database firewalls or proxies to restrict connections. +* **Auditing**: Enabling database-level auditing to monitor executed queries and access patterns. + +By combining Superset's configurable safeguards with strong database-level security practices, you can achieve a more robust and layered security posture. + ### REST API for user & role management Flask-AppBuilder supports a REST API for user CRUD,
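Review bot: the **Configuration is Key** paragraph tells administrators to maintain `DISALLOWED_SQL_FUNCTIONS` and manage `ENABLE_TEMPLATE_PROCESSING`, but the section never says where those settings live or links to the configuration reference, so a reader of this security page cannot act on the advice. Suggest a sentence after that paragraph along the lines of `Both settings are defined in your superset_config.py override; see the configuration documentation for their expected format and defaults.` In the **Least Privilege** bullet, "typically read-only access" would be stronger if it spelled out what the SQL Lab context above implies: the account Superset connects with should hold no write, DDL or administrative privileges, because any user with SQL Lab access runs queries through that same connection.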