imanollew opened a new issue #15844:
URL: https://github.com/apache/superset/issues/15844


   Giving a user (role gamma) access to a specific dashboard enables that user 
to see other datasources. For example, if user1 has access to dashboard1 (which 
uses datasource1 and datasource2), that user will have access to every 
datasource in my environment.
   ### Expected results
   
   what you expected to happen.
   User1 shouldn't be able to use every datasource in my environment just because 
admin gave him the role to see a specific dashboard. User1 should be able to 
only use the datasources in the dashboard "dashboard1".
   ### Actual results
   User1 is able to use any datasource, even if they are not being used in the 
dashboard "dashboard1".
   
   
   
   #### How to reproduce the bug
   
   0. Have a dashboard -dash1- with 2 charts on it. Both charts are using 
different datasources.
   1. Create a new user and give this user the default role "Gamma".
   2. Enable the flag in config.py for letting dashboards be only visible to 
those with a specific role.   ("DASHBOARD_RBAC": True)
   3. Create an empty role, which will be used to grant access to the dashboard 
"dash1", for example "access_dashboard1".
   4. Make the dashboard be only visible to those with the role 
"access_dashboard1".
   5. Assign the role "access_dashboard1" to this new gamma user.
   
   Now he can access every datasource in the environment.
   
   ### Environment
   
   - superset version: 1.2
   - python version: Python 3.7.11
   - node.js version: v12.22.2
   
   ### Checklist
   
   Make sure to follow these steps before submitting your issue - thank you!
   
   - [ yes] I have checked the superset logs for python stacktraces and 
included it here as text if there are any.
   - [yes ] I have reproduced the issue with at least the latest released 
version of superset.
   - [yes ] I have checked the issue tracker for the same issue and I haven't 
found one similar.
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
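
The expectation stated in the issue can be expressed as an audit check. This is an added example, not part of the original report and not Superset code; all function names are hypothetical, and `dash2`, `access_dashboard2`, `datasource3`, `datasource4` and the observed set are constructed sample data (in practice the observed set would be collected by listing datasources while logged in as the user).

```python
"""Added example: model of the access the issue expects (not Superset code)."""


def expected_datasources(user_roles, dashboard_roles, dashboard_datasources):
    """Datasources justified by dashboards whose access roles the user holds."""
    allowed = set()
    for dashboard, roles in dashboard_roles.items():
        if roles & user_roles:  # user holds at least one role granted on it
            allowed |= dashboard_datasources.get(dashboard, set())
    return allowed


def excess_datasources(user_roles, dashboard_roles, dashboard_datasources,
                       observed):
    """Datasources the user can reach that no dashboard grant accounts for."""
    expected = expected_datasources(
        user_roles, dashboard_roles, dashboard_datasources)
    return set(observed) - expected


# Constructed data mirroring the reproduction steps in the issue.
USER1_ROLES = {"Gamma", "access_dashboard1"}
DASHBOARD_ROLES = {
    "dash1": {"access_dashboard1"},
    "dash2": {"access_dashboard2"},      # constructed second dashboard
}
DASHBOARD_DATASOURCES = {
    "dash1": {"datasource1", "datasource2"},
    "dash2": {"datasource3"},            # constructed
}
# Constructed observation: what the reporter describes (everything reachable).
OBSERVED_FOR_USER1 = {"datasource1", "datasource2",
                      "datasource3", "datasource4"}


def audit_user1():
    """Sorted list of datasources user1 reaches beyond the dash1 grant."""
    return sorted(excess_datasources(
        USER1_ROLES, DASHBOARD_ROLES, DASHBOARD_DATASOURCES,
        OBSERVED_FOR_USER1))


if __name__ == "__main__":
    print("over-exposed datasources:", audit_user1())
```

An empty result means the user's reach matches the dashboards granted to them; any entry is a datasource exposed beyond the dashboard grant.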


