ivan-price-acted commented on PR #22642: URL: https://github.com/apache/superset/pull/22642#issuecomment-1510833345
Hi there, Just discovered this 'feature' whilst testing for our organisation: the fact that (currently) Draft dashboards provide a window for unauthorised users onto data they wouldn't normally be allowed to see, (if no RBAC roles are assigned) if this PR merges than those same unauthorised users will see the data when the dashboards are published. I'm surprised we don't simply delete the line of code in question, i.e. be explicit in the RBAC rules that if we want a world-readable dashboard we assign a role that we know all users have ? Why do we assume no roles == everyone cas access the data ? It is very likely users creating dashboards will forget to publish or unpublish their dashboards and not assign any RBAC rules, and will not understand the implications in terms of who can access their data between the two states. As an administrator this presents a risk, trusting the users to do the right thing here (manage the draft / published AND the RBAC rules) is not realistic for us. Can we make a plea for removing line 1994 ``` or (dashboard.published and not dashboard.roles) ``` completely, and require the user to add an explicit role instead ? -ivan -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
