mdeshmu opened a new issue, #24782: URL: https://github.com/apache/superset/issues/24782
Folks, Sorry, but I am confused & annoyed with this behavior which I have described below. We are using DASHBOARD_RBAC to give read-only dashboard access to users without giving them any access to charts, datasets, and databases. We have assigned only the default Gamma role to the user.   Here are the two issues we are observing: 1) In 2.1.0, 3.0.0rc1, and in the current master, a Gamma user can save a copy of a dashboard not owned by them. More importantly, they can make copies of all charts in the dashboard with the "also copy (duplicate) charts" checkbox. This is very undesired and a maintenance nightmare for us.  2) They can edit the chart from the dashboard and "save as" a new chart, even though the chart is not owned by them.   The irony is, Gamma users can't list any charts from the Charts Menu (including cloned charts). An admin can see that charts are being cloned.  This was reported by another user here as well: https://apache-superset.slack.com/archives/CCKHMGRRB/p1688356037634189 This behavior didn't exist in 1.5.3. Is this a deliberately added behavior or is it a bug with DASHBOARD_RBAC? ### Expected results Gamma users who are not owners of the dashboard shouldn't be able to save a dashboard. Gamma users who are not owners of the charts shouldn't be able to edit a chart from the dashboard and should not be able to save it as a new chart from the chart builder. ### Actual results Gamma users can save a dashboard and chart even if they are not owners. #### Screenshots Added above. ### Environment - browser type and version: Version 114.0.5735.134 (Official Build) (64-bit) - superset version: 3.0.0rc1 - python version: 3.9.x - node.js version: NA - any feature flags active: This feature flags are set to true -> ALERT_REPORTS, DASHBOARD_CROSS_FILTERS, DASHBOARD_RBAC, GENERIC_CHART_AXES, ALLOW_FULL_CSV_EXPORT, DRILL_TO_DETAIL, HORIZONTAL_FILTER_BAR ### Checklist Make sure to follow these steps before submitting your issue - thank you! - [ ] I have checked the superset logs for Python stack traces and included them here as text if there are any. - [ x] I have reproduced the issue with at least the latest released version of the superset. - [x ] I have checked the issue tracker for the same issue and haven't found one similar. ### Additional context NA -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
