Catalog permission syncs severely degrades dashboard import performance #32993
Comments
dosubot
bot
added
#bug:performance
sadpandajoe
added
the
review:checkpoint
|
@betodealmeida and/or @Vitor-Avila I think recently did some performance improvements for catalogs. Not sure if this was covered, if it was, it might be something that is already fixed or can be cherried in a future release. |
I've had some security concerns about this in the past, since even if you have Let me do some testing and make sure it's safe to skip the permission creation. If so, then it's easy to run the catalog permission creation only for the default catalog when multi-catalog is off. |
|
@betodealmeida we have the |
|
another option (if it's not the case yet) is to rely on |
|
@Vitor-Avila I'm trying to think if we want to support the use case where (1) multi-catalog is disabled but (2) the admin still wants to manage permissions for non-default catalogs. Maybe for BigQuery this is a valid use case? |
|
@betodealmeida even if But regardless, it's a half-check because if the user saves the query as a virtual dataset, it gets mapped to the default catalog and then they can query it. |
They can, but if they don't have DB-level access it won't work. For example, if I only have catalog access to SELECT * FROM projectB.some_schema.some_dataset
Hmmm, would it work? If so we should fix it. |
|
I see.. so basically we check cross-DB queries even if
Last time I tested it did, because once you create a dataset it gets a |
OK, I'll create a ticket and investigate. Thanks! |
|
@Vitor-Avila one thing different here is that Postgres (and RDS, which is what @arafoperata is using) does not allow cross-catalog queries. Unlike BigQuery, this syntax is invalid: SELECT * FROM other_database.public.tableFor databases like this we could have an attribute |
|
@arafoperata can you confirm if RDS supports cross-database queries? We found some answers on StackOverflow saying yes, but it would be nice to have a definitive source. |
@betodealmeida, it depends on the underlying database engine. Since we use RDS Postgres, which does not natively support cross-database (cross-catalog) queries, we can’t do something like SQL Server on RDS does support cross-database queries, since it’s a native feature of SQL Server. I’d say |
|
thanks for the additional context, @arafoperata 🙏 |
rusackas
removed
the
review:checkpoint
|
No worries, thanks for actioning this so quickly @betodealmeida , @Vitor-Avila |
Bug description
The addition of catalogs in Superset 4.1.0 has resulted in significantly worse dashboard import performance. We're seeing dashboard import time increase from <10 seconds to >3 minutes.
We're currently using Postgres (RDS) to serve embedded dashboards in our multi-tenanted application. As we are multi-tenanted, we have one catalog/database per tenant.
When importing dashboards, Superset now iterates through all catalog names to sync permissions. As we have hundreds of catalogs/dbs, this sync adds a couple of minutes per import.
We need to import a default set of dashboards for each tenant (with their own unique set of datasets pointing to their individual databases). The sync permission step needs to run for each dashboard import.
This results in NxN syncs (in our case, N=200, so on the order of 40k syncs). So, the time to upload dashboards for all our tenants has exploded from 30-60 minutes to over 10 hours.
Expected Behavior
I see there already exists a flag to disable catalog discovery -
allow_multi_catalog. I propose that if this flag is set to false, then Superset should only sync permissions for the default catalog.Screenshots/recordings
No response
Superset version
master / latest-dev
Python version
3.9
Node version
16
Browser
Chrome
Additional context
No response
Checklist
The text was updated successfully, but these errors were encountered: