This is an automated email from the ASF dual-hosted git repository. aminghadersohi pushed a commit to branch mcp-rbac-tool-visibility in repository https://gitbox.apache.org/repos/asf/superset.git
commit facd48f70d87d7598634c1e2c45f531cb3d48e37 Author: Amin Ghadersohi <[email protected]> AuthorDate: Tue May 19 13:57:35 2026 +0000 fix(mcp): distinguish execute_sql permission from write access in instructions Remove 'or running SQL' from the write-operations bullet so that SQL execution is not grouped under can_write. execute_sql is controlled by the separate execute_sql_query permission on SQLLab, which is already called out in its own bullet below. Co-Authored-By: Claude Sonnet 4.6 <[email protected]> --- superset/mcp_service/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/superset/mcp_service/app.py b/superset/mcp_service/app.py index 144812f561a..8f4ace4de51 100644 --- a/superset/mcp_service/app.py +++ b/superset/mcp_service/app.py @@ -365,7 +365,7 @@ Input format: {_feature_availability}Permission Awareness: {_instance_info_role_bullet}- ALWAYS check the user's roles BEFORE suggesting write operations (creating datasets, - charts, dashboards, or running SQL). + charts, or dashboards). SQL execution is a separate permission — see execute_sql below. - Write tools (generate_chart, generate_dashboard, update_chart, create_virtual_dataset, save_sql_query, add_chart_to_existing_dashboard, update_chart_preview) require write permissions. These tools are only listed for users who have the necessary access.
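Review bot: the added line "charts, or dashboards). SQL execution is a separate permission — see execute_sql below." relies on a bullet that is outside this hunk's context, and it names the tool (execute_sql) rather than the permission. The commit message identifies the permission as execute_sql_query on SQLLab; consider stating that name in the sentence itself, so the instruction stays accurate if the later bullet is moved or reworded. With "or running SQL" removed from the "ALWAYS check the user's roles BEFORE suggesting" bullet, please also confirm that the execute_sql bullet carries its own check-before-suggesting wording; otherwise nothing in this part of the prompt tells the model to verify access before proposing SQL execution. Note too that save_sql_query stays in the write-tools list in the unchanged context, so a short clarification that saving a query is a write operation while running one is not would keep the two bullets from reading as contradictory.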
