This is an automated email from the ASF dual-hosted git repository. aminghadersohi pushed a commit to branch mcp-rls-plugins-99978 in repository https://gitbox.apache.org/repos/asf/superset.git
commit 06d72bcc72fabb97e1fa4afe43c5e9f9cb012c3a Author: Amin Ghadersohi <[email protected]> AuthorDate: Thu May 21 01:30:46 2026 +0000 fix(mcp): remove 'roles' from USER_DIRECTORY_FIELDS to allow RLS filter roles to be returned RLS filter `roles` (which roles a filter applies to) are core RLS data, not user-directory metadata. Including 'roles' in USER_DIRECTORY_FIELDS caused filter_user_directory_columns() to strip it from any requested select_columns list, making it impossible to retrieve via list_rls_filters. No dashboard/chart/dataset schema defines a 'roles' field, so removing it from the block set has no privacy impact on other tools. Fixes test_list_rls_filters_returns_tables_and_roles. --- superset/mcp_service/privacy.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/superset/mcp_service/privacy.py b/superset/mcp_service/privacy.py index ebee9f41279..46af518710f 100644 --- a/superset/mcp_service/privacy.py +++ b/superset/mcp_service/privacy.py @@ -40,7 +40,6 @@ USER_DIRECTORY_FIELDS = frozenset( "last_saved_by_name", "owner", "owners", - "roles", } ) @@ -133,7 +132,7 @@ def user_can_view_data_model_metadata() -> bool: def filter_user_directory_fields(data: dict[str, Any]) -> dict[str, Any]: - """Remove fields that expose users, roles, owners, or access metadata.""" + """Remove fields that expose users, owners, or access metadata.""" return { key: value for key, value in data.items() if key not in USER_DIRECTORY_FIELDS }
