-
Notifications
You must be signed in to change notification settings - Fork 13.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RBAC not working as expected #29823
Comments
The issue you're encountering with RBAC on the Superset dashboard might be due to several factors related to the
Here is a sample configuration for AUTH_ROLE_PUBLIC = 'Public'
PUBLIC_ROLE_LIKE = "Guest" # Create a guest role for anonymous view dashboards
DEFAULT_FEATURE_FLAGS = {
"DASHBOARD_RBAC": True,
"ENABLE_TEMPLATE_PROCESSING": True,
"DASHBOARD_NATIVE_FILTERS": True,
"DASHBOARD_CROSS_FILTERS": True
} Ensure that the "Public" role has the following permissions:
If the issue persists, you might want to check the detailed error objects returned by the |
Bug description
RBAC on dashboard is not working as expected.
How to reproduce the bug
draft
(I tried first with this set of perms :
And then with all the Gamma permission)
5. copy permalink
6. open private web browser window
7. past the link
Screenshots/recordings
No response
Superset version
4.0.2
Python version
Not applicable
Node version
Not applicable
Browser
Safari
Additional context
Working with the official prebuilt docker image from tag.
If you don't enable the RBAC feature and add the
all datasource access on all_datasource_access
to the public role with the first minimal set of permission mentioned above and try tou access it with the permalink it works.So if the RBAC feature works as described and "bypass dataset level checks" normally the 1st minimal set of permissions (so without
all datasource access on all_datasource_access
because the objectif of enabling the RBAC feature is to avoid to grant this pem) is supposed to work.Logs from the superset_app container :
Checklist
The text was updated successfully, but these errors were encountered: