Re: [I] Role is not mandatory for a user when using OAuth login [superset]

Tue, 09 Jul 2024 03:07:42 -0700 


dosubot[bot] commented on issue #29523:
URL: https://github.com/apache/superset/issues/29523#issuecomment-2217231444

   <!-- Answer -->
   To configure Superset to make the role a mandatory field for users logging 
in via OAuth and ensure that existing users have at least one role assigned 
without creating new users, you can use the `AUTH_USER_REGISTRATION_ROLE` and 
`AUTH_ROLES_SYNC_AT_LOGIN` settings in your `superset_config.py` file.
   
   Here is how you can configure it:
   
   1. **Set a Default Role for New Users**: Ensure that new users who register 
via OAuth are assigned a default role.
   2. **Sync Roles at Login**: Ensure that roles are synced every time a user 
logs in.
   
   Add the following configuration to your `superset_config.py`:
   
   ```python
   # Ensure that users have at least one role assigned upon registration
   AUTH_USER_REGISTRATION = True
   AUTH_USER_REGISTRATION_ROLE = "Gamma"  # Default role for new users
   
   # Sync roles at each login to ensure users have the correct roles
   AUTH_ROLES_SYNC_AT_LOGIN = True
   
   # Map OAuth groups to Superset roles if needed
   AUTH_ROLES_MAPPING = {
       "oauth_group_name": ["SupersetRole1", "SupersetRole2"],
       # Add more mappings as needed
   }
   ```
   
   This configuration ensures that:
   - New users registering via OAuth are assigned the "Gamma" role by default.
   - User roles are synced at each login, ensuring that existing users have the 
correct roles assigned.
   
   By setting `AUTH_USER_REGISTRATION_ROLE`, you ensure that new users have at 
least one role. By enabling `AUTH_ROLES_SYNC_AT_LOGIN`, you ensure that 
existing users' roles are updated at each login, preventing the creation of new 
users without roles 
<sup>[[1]](https://github.com/apache/superset/blob/master/docs/docs/configuration/configuring-superset.mdx)</sup><sup>[[2]](https://github.com/apache/superset/blob/master/superset/config.py)</sup>.
   
   
   <!-- Dosu Comment Footer -->
   *To continue talking to [Dosu](https://dosu.dev), mention @dosu.*
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to