Authentication and Authorization
Cube can be configured with dynamic username & password verification system by
setting a checkSqlAuth() function in the
cube.js configuration file. This function should verify username and return
object with password and security context.
If password returned from this function matches provided in connection string user will be authenticated with provided security context.
module.exports = {
checkSqlAuth: async (req, username) => {
if (username === 'fooUser') {
return {
password: 'mypassword',
securityContext: {},
};
}
throw new Error('Incorrect user name or password');
},
};Cube's SQL API can also use the Security Context for Dynamic Schema
Creation or queryRewrite
property in your cube.js configuration file.
By default, the SQL API uses the current user's Security Context, but this behaviour can be modified so that certain users are allowed to switch. To do this, we must first define which user is allowed to change Security Context:
First, you need to define what user is allowed to change security context:
CUBEJS_SQL_SUPER_USER=adminIf it's not enough for your case, you define your logic for check with
canSwitchSqlUser property in your cube.js configuration
file.
You can change security context for specific query via virtual filter on:
SELECT * FROM Orders WHERE __user = 'anotheruser';Did you find this page useful?
