Description
Bug description
Issue Summary
When querying a dataset with Row-Level Security (RLS) applied in SQL Lab, the results are correctly filtered. However, if I click "Create Chart" directly from SQL Lab (without saving the dataset/virtual dataset), the chart displays the entire unfiltered data, ignoring the RLS restrictions. Ideally, it should only show the filtered data returned in SQL Lab.
We can clearly see that SQL Lab returns only 3 rows — as expected. However, on the chart screen, it displays 125 rows, which is incorrect and indicates that the RLS filter is not being applied.
Expected Behavior:
The chart should reflect only the filtered results returned by SQL Lab (i.e., RLS-applied data).
📷 Evidence:
SQL Lab Data Records(RLS)
Chart Screen Data Records
Steps to Reproduce:
- Query a dataset with RLS in SQL Lab.
- Verify that RLS filters are applied (returns limited rows).
- Click "Create Chart" directly from SQL Lab.
- Observe that the chart ignores RLS and shows all rows.
Notes:
This seems to be due to the chart being created from a raw SQL result, which doesn't preserve RLS constraints unless it's saved as a dataset or virtual dataset.
Screenshots/recordings
No response
Superset version
4.1.2
Python version
3.10
Node version
16
Browser
Chrome
Additional context
No response
Checklist
- I have searched Superset docs and Slack and didn't find a solution to my problem.
- I have searched the GitHub issue tracker and didn't find a similar bug report.
- I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.