shawnzhu commented on issue #16557: URL: https://github.com/apache/superset/issues/16557#issuecomment-912767673
@amitmiran137 Thanks for pointing out the essential problem around RBAC. when reading the doc [Customizing Permissions](https://superset.apache.org/docs/security#customizing-permissions), I realized it only create one permission (i.e., `datasource_access`) for each data source, which means if it assign the permission `datasource access to [db].[dataset_name](id:x)` to a role, any user within this role could edit/view this dataset, so I understand it could treat individual data objects just like other view/model where it can associate permissions (or the new term _operation_) like `can_read`, `can_write` and/or `can_delete`. @nytai do you think it's feasible to make such change like https://github.com/apache/superset/issues/16557#issuecomment-911502003 in this SIP? Or I could go ahead to make the desired workflow with existing single permission `datasource_access` then collect feedback? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
