This issue was moved to a discussion.

Create a “dashboard consumer” default role #19074

Closed
EBoisseauSierra opened this issue Mar 9, 2022 · 4 comments
Comments

@EBoisseauSierra
Contributor

Is your feature request related to a problem? Please describe.

I want some of my users to simply be able to consume dashboards — i.e. log in, access one or many dashboards… and that's it. (One can assume that dashboard access is then managed via separate RBAC.)
The Gamma default is too “powerful” for me (cf. #18870), as such users have access to the charts menu, etc.
As for Public, it raises lots of errors simply loading the home page, as users don't have access to the list of dashboards/charts.

Describe the solution you'd like

I would like to create a “dashboard consumer” (Delta?) role by default, that can only log in and have access to the Dashboards menu.

My self-baked role definition consists of the following permissions (which are a subset of Gamma's):

[
    can read on SavedQuery,
    can read on CssTemplate,
    can read on ReportSchedule,
    can read on Chart,
    can read on Annotation,
    can read on Dataset,
    can read on Dashboard,
    can read on Database,
    can read on Query,
    can show on DynamicPlugin,
    can list on DynamicPlugin,
    can time range on Api,
    can query form data on Api,
    can query on Api,
    can get on Datasource,
    can slice on Superset,
    can slice json on Superset,
    can fave dashboards by username on Superset,
    can fave dashboards on Superset,
    can dashboard on Superset,
    can profile on Superset,
    can fave slices on Superset,
    can sqllab table viz on Superset,
    can explore json on Superset,
    can results on Superset,
    can queries on Superset,
    can recent activity on Superset,
    can favstar on Superset,
    can read on SecurityRestApi,
    menu access on Dashboards,
    can list on FilterSets
]

(but I think it could be streamlined even further)

Describe alternatives you've considered

Well, I can keep defining the role myself manually, but IMO there is value to a default dashboard consumer/read-only role.
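
An added example (not part of the issue and not Superset's own code): a small check that parses a role listing in the format pasted above and flags permissions that would contradict a read-only intent. The names `parse_role`, `audit` and the `MUTATING` set are assumptions chosen for illustration, and the `can write on Dashboard` sample line is constructed.

```python
import re

# The listing above shows each pair as "<permission> on <ViewMenu>" with spaces;
# FAB stores permission names with underscores (e.g. "can_read").
PVM_LINE = re.compile(r"^\s*(?P<perm>[a-z][a-z ]*?) on (?P<view>\w+)\s*,?\s*$")

# Assumption: the write-type permission names treated as findings here
# (not an exhaustive list of everything that can change state).
MUTATING = {"can_write", "can_add", "can_edit", "can_delete"}

# Lines copied from the listing above (shortened), plus one constructed bad line.
ROLE_TEXT = """
[
    can read on Chart,
    can read on Dashboard,
    can fave dashboards by username on Superset,
    can sqllab table viz on Superset,
    menu access on Dashboards,
    can write on Dashboard,
    can list on FilterSets
]
"""

def parse_role(text):
    """Return the set of (permission_name, view_menu) pairs in a pasted listing."""
    pairs = set()
    for line in text.splitlines():
        m = PVM_LINE.match(line)
        if m:  # brackets and blank lines do not match and are skipped
            pairs.add((m["perm"].replace(" ", "_"), m["view"]))
    return pairs

def audit(pairs, baseline=None):
    """Flag write-type permissions and, if a baseline role is given,
    any pair the baseline lacks (the role should be a subset of it)."""
    findings = {"mutating": sorted(p for p in pairs if p[0] in MUTATING)}
    if baseline is not None:
        findings["not_in_baseline"] = sorted(pairs - baseline)
    return findings

if __name__ == "__main__":
    print(audit(parse_role(ROLE_TEXT)))
```

Passing the parsed Gamma listing from your own instance as `baseline` checks the "subset of Gamma" property stated above.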

@asmaier

asmaier commented May 31, 2022

See also https://gist.github.com/byk0t/bd6e9c3839967b4ac28a8da30f468b2a

@EBoisseauSierra
Contributor Author

@dpgaspar do you reckon this is something we should fix in FAB or directly in Superset?

@nytai
Member

nytai commented Jul 12, 2022

@EBoisseauSierra this should live in superset only as these roles (aside from Admin and Public) are specific to superset. Most of the changes would need to happen here:

class SupersetSecurityManager( # pylint: disable=too-many-public-methods

@nytai
Member

nytai commented Jul 12, 2022

I think this change would be welcome; users can always just opt out of using that role.

@apache apache locked and limited conversation to collaborators Jan 14, 2023
@rusackas rusackas converted this issue into discussion #22729 Jan 14, 2023
