Comments (3)
The gamma role in Superset version 3.1.3 does not have the necessary permissions to access dashboards, even if they have access to the underlying datasets. The gamma role is restricted to read-only access for datasets and datasources, and does not include permissions for dashboards. This is why the gamma user can see the dataset in the Dataset folder but not the related dashboards.
To resolve this, you may need to assign additional permissions to the gamma role or consider using a different role that has the necessary dashboard access permissions [1][2][3][4].
To continue talking to Dosu, mention @dosu.
from superset.
To include permissions for dashboards for the gamma role or assign additional permissions to allow access to dashboards in Superset version 3.1.3, you can modify the permissions for the "Gamma" role. Here is an example of how you can ensure that the "Gamma" role has the necessary permissions to access dashboards:
def test_gamma_permissions(self):
gamma_perm_set = set()
for perm in security_manager.find_role("Gamma").permissions:
gamma_perm_set.add((perm.permission.name, perm.view_menu.name))
# Ensure the Gamma role has the necessary permissions for dashboards
self.assert_can_all("Dashboard", gamma_perm_set)
self.assert_can_read("Dataset", gamma_perm_set)
self.assert_can_all("Chart", gamma_perm_set)
self.assertIn(("can_csv", "Superset"), gamma_perm_set)
self.assertIn(("can_dashboard", "Superset"), gamma_perm_set)
self.assertIn(("can_explore", "Superset"), gamma_perm_set)
self.assertIn(("can_share_chart", "Superset"), gamma_perm_set)
self.assertIn(("can_share_dashboard", "Superset"), gamma_perm_set)
self.assertIn(("can_explore_json", "Superset"), gamma_perm_set)
self.assertIn(("can_userinfo", "UserDBModelView"), gamma_perm_set)
self.assertIn(("can_view_chart_as_table", "Dashboard"), gamma_perm_set)
self.assertIn(("can_view_query", "Dashboard"), gamma_perm_set)
This code ensures that the "Gamma" role has the necessary permissions to access and interact with dashboards. The assert_can_all
method checks that the role has both read and write permissions for the "Dashboard" view. Additionally, it verifies that the role has other related permissions such as can_csv
, can_dashboard
, can_explore
, etc. [1].
Additionally, you can use the Superset frontend to assign roles to dashboards directly. The PropertiesModal
component in the Superset frontend allows you to manage roles and owners for a dashboard. Here is an example of how you can use the PropertiesModal
to assign roles:
return (
<>
<Row>
<Col xs={24} md={24}>
<h3 style={{ marginTop: '1em' }}>{t('Access')}</h3>
</Col>
</Row>
<Row gutter={16}>
<Col xs={24} md={12}>
<StyledFormItem label={t('Owners')}>
<AsyncSelect
allowClear
allowNewOptions
ariaLabel={t('Owners')}
disabled={isLoading}
mode="multiple"
onChange={handleOnChangeOwners}
options={(input, page, pageSize) =>
loadAccessOptions('owners', input, page, pageSize)
}
value={handleOwnersSelectValue()}
/>
</StyledFormItem>
<p className="help-block">
{t(
'Owners is a list of users who can alter the dashboard. Searchable by name or username.',
)}
</p>
</Col>
<Col xs={24} md={12}>
<StyledFormItem label={t('Roles')}>
<AsyncSelect
allowClear
ariaLabel={t('Roles')}
disabled={isLoading}
mode="multiple"
onChange={handleOnChangeRoles}
options={(input, page, pageSize) =>
loadAccessOptions('roles', input, page, pageSize)
}
value={handleRolesSelectValue()}
/>
</StyledFormItem>
<p className="help-block">
{t(
'Roles is a list which defines access to the dashboard. Granting a role access to a dashboard will bypass dataset level checks. If no roles are defined, regular access permissions apply.',
)}
</p>
</Col>
</Row>
<Row>
<Col xs={24} md={12}>
<ColorSchemeControlWrapper
hasCustomLabelColors={hasCustomLabelColors}
onChange={onColorSchemeChange}
colorScheme={colorScheme}
labelMargin={4}
/>
</Col>
</Row>
</>
);
This component allows you to assign roles to a dashboard, which will bypass dataset level checks and grant the specified roles access to the dashboard [2].
Additionally, you can use utility functions to check and manage permissions programmatically. For example, the userHasPermission
function can be used to verify if a user has a specific permission:
export function userHasPermission(
user: UserWithPermissionsAndRoles | UndefinedUser,
viewName: string,
permissionName: string,
) {
return (
isUserAdmin(user) ||
(isUserWithPermissionsAndRoles(user) &&
Object.values(user.roles || {})
.flat()
.some(
permissionView =>
permissionView[0] === permissionName &&
permissionView[1] === viewName,
))
);
}
This function checks if the user has the specified permission for a given view, considering both admin roles and specific permissions assigned to the user's roles [3].
The integration tests in tests/integration_tests/dashboards/security/security_rbac_tests.py
provide further examples of how role-based access control (RBAC) is implemented and tested in Superset. For instance, the TestDashboardRoleBasedSecurity
class includes tests that verify access permissions for different roles, ensuring that only authorized users can access specific dashboards. These tests can serve as a reference for setting up and verifying permissions in your Superset instance [4].
To continue talking to Dosu, mention @dosu.
from superset.
@dosu
How to include permissions for read-only access on dashboards then but for gamma user ?
from superset.
Related Issues (20)
- Customize loading spinner position and appereance HOT 1
- New permalinks retain previous permalink activeTab state HOT 1
- No table names shown in Dataset creation window / SQL Lab for Apache Kyuubi HOT 1
- Add button grayed out even tough all fields are filled HOT 5
- Unable to execute any Superset command in terminal HOT 1
- Datasource access HOT 6
- Typo in IBM DB2 image reference in README.md HOT 2
- Gauge chart interval bounds and colors not working properly when added to a dashboard HOT 1
- Method 405 not allowed for guest_token fetching HOT 6
- There was an error loading the schemas HOT 4
- UUID columns show up as NULL HOT 1
- 0.12.11 fails for helm install HOT 2
- sql query is different from chart results HOT 4
- Inconsistent spacing between viz gallery charts HOT 1
- [design:suggest] Lack of space in "Create Chart" GUI HOT 2
- (NEW-Codes)##Fortnite Free V Bucks Generator(2024-2025)~Free V-Bucks Codes List 100% Working Code for Every Fortnite Player May-june
- [GET 10K-200K]**Free TikTok Follower Generator 2024-2025: Latest Tips and Tricks HOT 1
- Bug in query re-writing in Pinot with Virtual Datasets HOT 1
- Error: "Failed to execute 'removeChild' on 'Node'" after adding column to simple table chart HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from superset.