Re: [I] RBAC not Working [superset]

Thu, 14 Mar 2024 08:24:26 -0700 


mtthsbrr commented on issue #18634:
URL: https://github.com/apache/superset/issues/18634#issuecomment-1997715292

   > Agreed that there is a gap in user access, we're on 2.0.0, with 
`DASHBOARD_RBAC` enabled. Our ideal use case is
   > 
   > * All users who login get a custom role, something like `dashboard_viewer`
   > * We use dashboard RBAC to grant access to the full dashboard (view 
dashboard, see underlying datasets, and see filter datasets)
   > * We apply RLS rule that limits user based on templated `{{ 
current_username }}`
   > 
   > This way all users can login, see the dashboard, but only see rows they 
are associated with.
   > 
   > The issue now is we are getting the `You don't have access to this 
dashboard` - seems like the only workaround is the snippet Benjamin shared, it 
would not be scalable to add access for the 100+ users through dashboard 
ownership, sounds like this may have a fix on the way.
   > 
   > The other issue is datasets associated with native filters, when working 
around the above issue by adding my test user as an owner so it can hit the 
dashboard I'm getting permission errors on all native filters that utilize 
datasets NOT used by the dashboard. I believe the root of this is that hitting 
the dashboard/ID/datasets endpoint only returns chart datasets and not filters.
   
   @wulfuric 
   Was there a fix for missing filter datasets (datasets only serving for a 
filter but not for any chart in the dashboard) permissions when utilizing 
dashboard RBAC?
   
   Our current workaround is to create a dummy chart from the filter dataset 
and hide it somewhere in the dashboard but that does not feel like a proper 
solution. :-/


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to