Giter VIP home page Giter VIP logo

Comments (3)

dosubot avatar dosubot commented on June 26, 2024 2

The gamma role in Superset version 3.1.3 does not have the necessary permissions to access dashboards, even if they have access to the underlying datasets. The gamma role is restricted to read-only access for datasets and datasources, and does not include permissions for dashboards. This is why the gamma user can see the dataset in the Dataset folder but not the related dashboards.

To resolve this, you may need to assign additional permissions to the gamma role or consider using a different role that has the necessary dashboard access permissions [1][2][3][4].

To continue talking to Dosu, mention @dosu.

from superset.

dosubot avatar dosubot commented on June 26, 2024 2

To include permissions for dashboards for the gamma role or assign additional permissions to allow access to dashboards in Superset version 3.1.3, you can modify the permissions for the "Gamma" role. Here is an example of how you can ensure that the "Gamma" role has the necessary permissions to access dashboards:

def test_gamma_permissions(self):
    gamma_perm_set = set()
    for perm in security_manager.find_role("Gamma").permissions:
        gamma_perm_set.add((perm.permission.name, perm.view_menu.name))

    # Ensure the Gamma role has the necessary permissions for dashboards
    self.assert_can_all("Dashboard", gamma_perm_set)
    self.assert_can_read("Dataset", gamma_perm_set)
    self.assert_can_all("Chart", gamma_perm_set)

    self.assertIn(("can_csv", "Superset"), gamma_perm_set)
    self.assertIn(("can_dashboard", "Superset"), gamma_perm_set)
    self.assertIn(("can_explore", "Superset"), gamma_perm_set)
    self.assertIn(("can_share_chart", "Superset"), gamma_perm_set)
    self.assertIn(("can_share_dashboard", "Superset"), gamma_perm_set)
    self.assertIn(("can_explore_json", "Superset"), gamma_perm_set)
    self.assertIn(("can_userinfo", "UserDBModelView"), gamma_perm_set)
    self.assertIn(("can_view_chart_as_table", "Dashboard"), gamma_perm_set)
    self.assertIn(("can_view_query", "Dashboard"), gamma_perm_set)

This code ensures that the "Gamma" role has the necessary permissions to access and interact with dashboards. The assert_can_all method checks that the role has both read and write permissions for the "Dashboard" view. Additionally, it verifies that the role has other related permissions such as can_csv, can_dashboard, can_explore, etc. [1].

Additionally, you can use the Superset frontend to assign roles to dashboards directly. The PropertiesModal component in the Superset frontend allows you to manage roles and owners for a dashboard. Here is an example of how you can use the PropertiesModal to assign roles:

return (
  <>
    <Row>
      <Col xs={24} md={24}>
        <h3 style={{ marginTop: '1em' }}>{t('Access')}</h3>
      </Col>
    </Row>
    <Row gutter={16}>
      <Col xs={24} md={12}>
        <StyledFormItem label={t('Owners')}>
          <AsyncSelect
            allowClear
            allowNewOptions
            ariaLabel={t('Owners')}
            disabled={isLoading}
            mode="multiple"
            onChange={handleOnChangeOwners}
            options={(input, page, pageSize) =>
              loadAccessOptions('owners', input, page, pageSize)
            }
            value={handleOwnersSelectValue()}
          />
        </StyledFormItem>
        <p className="help-block">
          {t(
            'Owners is a list of users who can alter the dashboard. Searchable by name or username.',
          )}
        </p>
      </Col>
      <Col xs={24} md={12}>
        <StyledFormItem label={t('Roles')}>
          <AsyncSelect
            allowClear
            ariaLabel={t('Roles')}
            disabled={isLoading}
            mode="multiple"
            onChange={handleOnChangeRoles}
            options={(input, page, pageSize) =>
              loadAccessOptions('roles', input, page, pageSize)
            }
            value={handleRolesSelectValue()}
          />
        </StyledFormItem>
        <p className="help-block">
          {t(
            'Roles is a list which defines access to the dashboard. Granting a role access to a dashboard will bypass dataset level checks. If no roles are defined, regular access permissions apply.',
          )}
        </p>
      </Col>
    </Row>
    <Row>
      <Col xs={24} md={12}>
        <ColorSchemeControlWrapper
          hasCustomLabelColors={hasCustomLabelColors}
          onChange={onColorSchemeChange}
          colorScheme={colorScheme}
          labelMargin={4}
        />
      </Col>
    </Row>
  </>
);

This component allows you to assign roles to a dashboard, which will bypass dataset level checks and grant the specified roles access to the dashboard [2].

Additionally, you can use utility functions to check and manage permissions programmatically. For example, the userHasPermission function can be used to verify if a user has a specific permission:

export function userHasPermission(
  user: UserWithPermissionsAndRoles | UndefinedUser,
  viewName: string,
  permissionName: string,
) {
  return (
    isUserAdmin(user) ||
    (isUserWithPermissionsAndRoles(user) &&
      Object.values(user.roles || {})
        .flat()
        .some(
          permissionView =>
            permissionView[0] === permissionName &&
            permissionView[1] === viewName,
        ))
  );
}

This function checks if the user has the specified permission for a given view, considering both admin roles and specific permissions assigned to the user's roles [3].

The integration tests in tests/integration_tests/dashboards/security/security_rbac_tests.py provide further examples of how role-based access control (RBAC) is implemented and tested in Superset. For instance, the TestDashboardRoleBasedSecurity class includes tests that verify access permissions for different roles, ensuring that only authorized users can access specific dashboards. These tests can serve as a reference for setting up and verifying permissions in your Superset instance [4].

To continue talking to Dosu, mention @dosu.

from superset.

Zarrina1 avatar Zarrina1 commented on June 26, 2024

@dosu
How to include permissions for read-only access on dashboards then but for gamma user ?

from superset.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.