This is an automated email from the ASF dual-hosted git repository.

aminghadersohi pushed a commit to branch mcp-rls-plugins-99978
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 06d72bcc72fabb97e1fa4afe43c5e9f9cb012c3a
Author: Amin Ghadersohi <[email protected]>
AuthorDate: Thu May 21 01:30:46 2026 +0000

    fix(mcp): remove 'roles' from USER_DIRECTORY_FIELDS to allow RLS filter 
roles to be returned
    
    RLS filter `roles` (which roles a filter applies to) are core RLS data,
    not user-directory metadata. Including 'roles' in USER_DIRECTORY_FIELDS
    caused filter_user_directory_columns() to strip it from any requested
    select_columns list, making it impossible to retrieve via list_rls_filters.
    
    No dashboard/chart/dataset schema defines a 'roles' field, so removing it
    from the block set has no privacy impact on other tools.
    
    Fixes test_list_rls_filters_returns_tables_and_roles.
---
 superset/mcp_service/privacy.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/superset/mcp_service/privacy.py b/superset/mcp_service/privacy.py
index ebee9f41279..46af518710f 100644
--- a/superset/mcp_service/privacy.py
+++ b/superset/mcp_service/privacy.py
@@ -40,7 +40,6 @@ USER_DIRECTORY_FIELDS = frozenset(
         "last_saved_by_name",
         "owner",
         "owners",
-        "roles",
     }
 )
 
@@ -133,7 +132,7 @@ def user_can_view_data_model_metadata() -> bool:
 
 
 def filter_user_directory_fields(data: dict[str, Any]) -> dict[str, Any]:
-    """Remove fields that expose users, roles, owners, or access metadata."""
+    """Remove fields that expose users, owners, or access metadata."""
     return {
         key: value for key, value in data.items() if key not in 
USER_DIRECTORY_FIELDS
     }

Reply via email to