Is there a clear cut way to add row-level security to dash apps?
For example:
When building a simple sales dashboard, there will be a column for Salesman.
When adding authorization to an app, is there a way for me to assign someone’s authorization username to a person in said column so I can make it that when they sign in they’ll only be allowed to view their data?
You can use flask login. Checkout the documentation on this page: https://flask-login.readthedocs.io/en/latest/
Once you put the user control in place and you are able to login, you can check if the user is authenticated via the is_authenticated property of the current_user proxy. Something like this:
if current_user.is_authenticated:
#your code here
Hope it helps
Hi @RafaelMiquelino , how do you use Flask login with dash? I know there is an independent github package not mantained by plotly that is supposed to bridge dash and flask-login but the comments on the github page say it does not actually work…
Hello, I have a working application in dash that uses Flask login for user authentication. I know the package you are talking about but I didn’t use it. Did you try to implement it and had any issue? The implementation is described in the Flask login docs.
Thanks for your reply! I have not tried to implement Flask Login as my impression from previous forum posts was that it would not work directly with Dash. Did you have to do anything special to make them get along? Or did you use it the same way you would do it in a standard Flask application?
Thanks!
There is nothing really special to be done. You just need to put in place the flask login authentication and when you have the user authenticated you render a specific page layout. Check bellow a snippet from my application with this process, I switch among different layouts based on the user authentication status and the url:
app.layout = html.Div(
[
header,
html.Div([
html.Div(
html.Div(id='page-content', className='content'),
className='content-container'
),
], className='container-width'),
dcc.Location(id='url', refresh=False),
]
)
@app.callback(Output('page-content', 'children'),
[Input('url', 'pathname')])
def display_page(pathname):
if pathname == '/':
return login.layout
elif pathname == '/login':
return login.layout
elif pathname == '/dashboard':
if current_user.is_authenticated:
return dashboard.layout
else:
return login_fd.layout
elif pathname == '/logout':
if current_user.is_authenticated:
logout_user()
return logout.layout
else:
return logout.layout
else:
return '404'
Awesome, I will try this out!! Seems the only big difference with standard flask is that we do not use the decorator to check the login, but need to perform the check “manually”, the rest looks standard!
Thanks again for sharing the code! 
Yes. That’s it. I also managed to do it with the decorator but I realized that this manually check is a better implementation for Dash.
Hello, if it is still useful for you, I made available a simple example of the Flask-login implementation on top of a dash app here: https://github.com/RafaelMiquelino/dash-flask-login.
Hey! I want to pass a dynamic user_id for the logged in user, and create graph for the same person. user A cannot see data of user B. How do I connect MySQL database and create dashboards ? user A can only access his own data and not user B’s? Can you provide some resources to refer to? I’m new in this!!
Any solution to this problem?
FWIW, one solution to this problem is to license Dash Enterprise and use its authentication middleware. This includes integration with the dash-enterprise-auth package which provides the username to your callbacks that you can use for row level security.