This is an automated email from the ASF dual-hosted git repository.

aminghadersohi pushed a commit to branch mcp-rbac-tool-visibility
in repository https://gitbox.apache.org/repos/asf/superset.git

commit facd48f70d87d7598634c1e2c45f531cb3d48e37
Author: Amin Ghadersohi <[email protected]>
AuthorDate: Tue May 19 13:57:35 2026 +0000

    fix(mcp): distinguish execute_sql permission from write access in 
instructions
    
    Remove 'or running SQL' from the write-operations bullet so that SQL
    execution is not grouped under can_write. execute_sql is controlled by
    the separate execute_sql_query permission on SQLLab, which is already
    called out in its own bullet below.
    
    Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
---
 superset/mcp_service/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/superset/mcp_service/app.py b/superset/mcp_service/app.py
index 144812f561a..8f4ace4de51 100644
--- a/superset/mcp_service/app.py
+++ b/superset/mcp_service/app.py
@@ -365,7 +365,7 @@ Input format:
 
 {_feature_availability}Permission Awareness:
 {_instance_info_role_bullet}- ALWAYS check the user's roles BEFORE suggesting 
write operations (creating datasets,
-  charts, dashboards, or running SQL).
+  charts, or dashboards). SQL execution is a separate permission — see 
execute_sql below.
 - Write tools (generate_chart, generate_dashboard, update_chart, 
create_virtual_dataset,
   save_sql_query, add_chart_to_existing_dashboard, update_chart_preview) 
require write
   permissions. These tools are only listed for users who have the necessary 
access.

Reply via email to