kamalkeshavani-aiinside opened a new issue #16537: URL: https://github.com/apache/superset/issues/16537
With DASHBOARD_RBAC disabled, if a user has access to required data sources then he/she can also access the unpublished dashboards created from those sources. ### Expected results Draft dashboards should be accessible to only Owners and Admin. ### Actual results Draft dashboard is accessible to other users. #### Screenshots If applicable, add screenshots to help explain your problem. #### How to reproduce the bug 1. User A has access to sample dataset covid_vaccine. 2. User B creates a new dashboard from covid_vaccine dataset, but later changes publish status to draft to update. 3. User A can still access the draft dashboard with the url. 4. Similarly user A can access such draft dashboards with url, even if they are never published. ### Environment (please complete the following information): - superset version: `1.3.0` - python version: `3.7` - node.js version: `14.15.5` - any feature flags active: ### Checklist Make sure to follow these steps before submitting your issue - thank you! - [x] I have checked the superset logs for python stacktraces and included it here as text if there are any. - [x] I have reproduced the issue with at least the latest released version of superset. - [x] I have checked the issue tracker for the same issue and I haven't found one similar. ### Additional context Note: I think this is not expected behavior, so reporting as bug instead of feature request. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
