apache/superset

Permissions

rostamizahra opened this issue · 2 comments

rostamizahra commented

Bug description

Hi!
I created a new role in superset that should have the access to one of my dashboards. So I added datasource access of my datasets that used in the charts of the dashboards. Now when I open the charts with this role, this role give the access of swap dataset in the charts that shouldn't exist. how should I fix it?
I added the pic
imgpsh_fullsize_anim

Screenshots/recordings

imgpsh_fullsize_anim

Superset version

4.0.2

Python version

3.10

Node version

18 or greater

Browser

Firefox

Additional context

No response

Checklist

  • I have searched Superset docs and Slack and didn't find a solution to my problem.
  • I have searched the GitHub issue tracker and didn't find a similar bug report.
  • I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.
dosubot commented

To address the issue where a role has access to the "SWAP DATASET" button in Apache Superset, you need to review the permissions associated with that role. The "SWAP DATASET" button allows users to change the dataset used by a chart, which might not be desirable for all roles.

Here are some steps you can take to resolve this:

  1. Review Role Permissions: Ensure that the role does not have permissions that allow dataset swapping. Check if the role has been granted permissions like can_write or other permissions that might implicitly allow dataset modifications.

  2. Dashboard RBAC: If the DASHBOARD_RBAC feature flag is enabled, you can manage which roles can access specific dashboards. This feature allows you to bypass dataset-level checks and control access more granularly. Ensure that the role is configured correctly under this feature if it's enabled [1].

  3. Dataset Access: Verify that the role has only the necessary dataset access permissions. If the role has broader access than intended, it might inadvertently allow actions like dataset swapping.

  4. Check for Missing Dataset: The "Missing dataset" error suggests that the dataset linked to the chart might have been deleted or is inaccessible. Ensure that the dataset exists and that the role has the correct permissions to access it [2].

By adjusting the role's permissions and ensuring the dataset is correctly configured and accessible, you should be able to prevent the role from having access to the "SWAP DATASET" button.

To continue talking to Dosu, mention @dosu.

Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Other

  • 👍1
  • 👎2
rostamizahra commented

I didn't add can write access. I only added Datasource access to specific datasources.