d1manson commented on issue #35073: URL: https://github.com/apache/superset/issues/35073#issuecomment-3271808077
> Hi [@d1manson](https://github.com/d1manson)! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the superset team. > > The 403 error from the `/api/v1/time_range/` endpoint when using a guest JWT token is caused by missing API permissions for the guest role. Specifically, the guest role needs the "can time range on api" (or "can_read_on_time_range") permission to access this endpoint, even if it already has dashboard read access. This permission is not granted to guest roles by default, which is why the time range filter fails while the rest of the dashboard works. To resolve this, add the required permission to the guest role in Superset’s security settings. More details and confirmation of this requirement can be found [here](https://github.com/apache/superset/discussions/34046). > > _To reply, just mention [@dosu](https://go.dosu.dev/dosubot)._ > > How did I do? [Good](https://app.dosu.dev/response-feedback/884ebe8e-7a14-4591-b555-f342f3c33c6c?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/884ebe8e-7a14-4591-b555-f342f3c33c6c?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/884ebe8e-7a14-4591-b555-f342f3c33c6c?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/884ebe8e-7a14-4591-b555-f342f3c33c6c?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/884ebe8e-7a14-4591-b555-f342f3c33c6c?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/884ebe8e-7a14-4591-b555-f342f3c33c6c?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/884ebe8e-7a14-4591-b555-f342f3c33c6c?feedback_type=other) [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/issues/35073) You might be sort of right that i can somehow grant the permission to the guest user, but i'm not sure how - there is no guest role. I'm using the /api/v1/security/guest_token/ endpoint to get the token, and currently just supply the dashboard uuid, but maybe there's some way to specify access to the time_range api too? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org
