villebro commented on PR #21765: URL: https://github.com/apache/superset/pull/21765#issuecomment-1277598937
> > hi @villebro !! I'm wondering if it might make sense for an Alpha user to see all Alerts & Reports in the list view, but with no actions in the actions column and a disabled "Active" toggle if they aren't the owner, like the bottom row here:  There could be a case where an Alpha user is a recipient of a report but not the owner, and not seeing it in the list view could be confusing or lead to duplicates being created unintentionally. > > In the future, maybe there could be a "View Only" mode to see report details even if you can't edit (though that is probably out of the scope of this PR) > > Open to feedback here though, what are your thoughts? > > I see where you're coming from, and I agree in the context of Alerts and Reports it could make sense to have elevated privileges for the Alpha role. However, in the current context, this would go against current RBAC conventions, as Alpha is only able to see owned Charts and Dashboards. Having different logic for what Alpha can see on Dashboards and Charts vs Alerts and Reports could be confusing. For this reason I'd almost propose starting a separate discussion about what Alpha should and should not be able to see, and then apply this consistently throughout all object types. @yousoph I stand corrected - the Alpha role does indeed have the `can_access_all_datasources`, which gives the Alpha user full visibility into all dashboards, datasets and charts. I'm going to change this logic so that instead of checking `is_admin`, I'm going to check for `can_access_all_datasources`, and if that's the case, it will show all Alerts & Reports. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
