From f996dc5eee7fe437745ddfdd28d7f7f3f3ea91cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pol=20Mons=C3=B3=20Purt=C3=AD?= Date: Fri, 16 Feb 2024 12:40:26 +0100 Subject: [PATCH] Resolve "Afegir capacitat de filtrar per usuari el abast de dades al dashboard de O&M" (et/somenergia-jardiner!107) * add docs on how to apply row level security for maintenance company * add docs on how to apply row level security for maintenance company * fix: dm_plants must not be an upstream node of int_ --- .../int_dset_responses__spined_metadata.sql | 98 +++++++++---------- .../2024-02-16-row-level-security.md | 17 ++++ 2 files changed, 66 insertions(+), 49 deletions(-) create mode 100644 docs/desenvolupadors/2024-02-16-row-level-security.md diff --git a/dbt_jardiner/models/jardiner/intermediate/dset/int_dset_responses__spined_metadata.sql b/dbt_jardiner/models/jardiner/intermediate/dset/int_dset_responses__spined_metadata.sql index cb5fcd36..0450f474 100644 --- a/dbt_jardiner/models/jardiner/intermediate/dset/int_dset_responses__spined_metadata.sql +++ b/dbt_jardiner/models/jardiner/intermediate/dset/int_dset_responses__spined_metadata.sql @@ -1,65 +1,65 @@ {{ config(materialized='view') }} with spina5m as ( - select generate_series('2023-12-01', now(), '5 minutes') as ts + select generate_series('2023-12-01', now(), '5 minutes') as ts ), spined_expected_signals as ( - select - spina5m.ts, - plants.nom_planta, - plants.plant_uuid, - metadata.device_uuid, - metadata.device_name, - metadata.device_type, - metadata.signal_name, - metadata.signal_uuid, - metadata.metric_name, - metadata.device_parent - from - spina5m - {# dm_plants is the SSOT of the plants names #} - left join {{ ref("dm_plants") }} as plants on true + select + spina5m.ts, + plants.plant_name, + plants.plant_uuid, + metadata.device_uuid, + metadata.device_name, + metadata.device_type, + metadata.signal_name, + metadata.signal_uuid, + metadata.metric_name, + metadata.device_parent + from + spina5m + {# dm_plants is the SSOT of the plants names #} + left join {{ ref("int_gda_plants__plants_catalog") }} as plants on true left join {{ ref("raw_gestio_actius__signal_denormalized") }} as metadata using (plant_uuid) ), dset_from_december_2023 as ( - select * from {{ ref("int_dset_responses__materialized") }} - where - ts > '2023-12-01' - {# if we don't limit queried_at the planner shits the bed #} - and queried_at > '2023-12-01' + select * from {{ ref("int_dset_responses__materialized") }} + where + ts > '2023-12-01' + {# if we don't limit queried_at the planner shits the bed #} + and queried_at > '2023-12-01' ), spined_dset as ( - select - spined.ts, - spined.nom_planta as plant_name, - spined.plant_uuid, - spined.device_uuid, - spined.device_name, - spined.device_type, - spined.signal_uuid, - spined.signal_name, - spined.metric_name, - spined.device_parent, - valors.signal_value, - valors.group_name, - valors.signal_id, - valors.signal_tz, - valors.signal_code, - valors.signal_type, - valors.signal_unit, - valors.signal_frequency, - valors.signal_is_virtual, - valors.signal_last_ts, - valors.signal_last_value, - valors.queried_at, - valors.materialized_at, - valors.ts is not null as from_dset - from spined_expected_signals as spined + select + spined.ts, + spined.plant_name, + spined.plant_uuid, + spined.device_uuid, + spined.device_name, + spined.device_type, + spined.signal_uuid, + spined.signal_name, + spined.metric_name, + spined.device_parent, + valors.signal_value, + valors.group_name, + valors.signal_id, + valors.signal_tz, + valors.signal_code, + valors.signal_type, + valors.signal_unit, + valors.signal_frequency, + valors.signal_is_virtual, + valors.signal_last_ts, + valors.signal_last_value, + valors.queried_at, + valors.materialized_at, + valors.ts is not null as from_dset + from spined_expected_signals as spined left join dset_from_december_2023 as valors - using (ts, signal_uuid) - order by spined.ts desc, spined.nom_planta asc + using (ts, signal_uuid) + order by spined.ts desc, spined.plant_name asc ) select * from spined_dset diff --git a/docs/desenvolupadors/2024-02-16-row-level-security.md b/docs/desenvolupadors/2024-02-16-row-level-security.md new file mode 100644 index 00000000..77ba99d6 --- /dev/null +++ b/docs/desenvolupadors/2024-02-16-row-level-security.md @@ -0,0 +1,17 @@ +El procés és: + +1. Crear un rol `Manteniment_` +1. Afegir una regla [Row Level Security](https://indicadors.somenergia.coop/rowlevelsecurity/list/)
+![image](https://gitlab.somenergia.coop/et/somenergia-jardiner/uploads/b9ed42b43f95f2c9a527db63ebb18113/image.png)
+Pareu atenció al camp "clause", s'afegirà com a condició where exclusiva (and) als datasets que seleccionem. +1. Donar accés als charts d'un dashboard
+![image](https://gitlab.somenergia.coop/et/somenergia-jardiner/uploads/238587e65493d666317a60fee0521fa4/image.png) +1. [Afegir la o les usuàries](https://indicadors.somenergia.coop/users/list/) i assignar-los els rols [Gamma] i `[Manteniment_]` + +easy peasy. Ho he fet amb energes amb la clause `nom_planta in (noms plantes)` + +Hem decidit a 02/2024 que no val la pena propagar l'empresa de manteniment en el pipe per a cobrir aquest use case, ja que no cal afegir 5m aquestes metadadades per a un tema de visualització i permisos. Ho gestionem en la capa de visualització. + +:warning: Canvis d'empresa de manteniment s'hauran de fer al Superset (i a les metadades de la planta, per coherència). + +Més Context: [#101](https://gitlab.somenergia.coop/et/somenergia-jardiner/-/issues/101) i [Trello](https://trello.com/c/mPOAsMe8/211-spike-superset)