dosubot[bot] commented on issue #29777:
URL: https://github.com/apache/superset/issues/29777#issuecomment-2258533727
<!-- Answer -->
Ownership in Apache Superset is managed through roles and permissions. The
Gamma role has limited access, primarily for consuming data and creating slices
and dashboards, but not for altering or adding data sources.
To disable imports from the UI for users with the Gamma role while still
granting them write permissions on charts and dashboards, you can customize the
permissions for the Gamma role. Specifically, you can remove the permissions
related to importing from the Gamma role and ensure they have the necessary
permissions to edit charts and dashboards.
Here is a step-by-step approach:
1. **Create a Custom Role**: Create a new role that includes the permissions
for editing charts and dashboards but excludes the import permissions.
2. **Assign Permissions**: Assign the necessary permissions to this custom
role.
3. **Assign Roles to Users**: Assign both the Gamma role and the new custom
role to the users.
### Example Configuration
1. **Create a Custom Role**:
- Go to `Menu -> Security -> List Roles`.
- Click the `+` sign to create a new role.
- Name the role (e.g., `CustomGamma`).
2. **Assign Permissions**:
- In the permissions dropdown, select the permissions for editing charts
and dashboards (e.g., `can_edit` on `Dashboard`, `can_edit` on `Slice`).
- Ensure that permissions related to importing (e.g.,
`can_import_dashboards`, `can_import_slices`) are not included.
3. **Assign Roles to Users**:
- Assign both the `Gamma` role and the new `CustomGamma` role to the
users.
Additionally, you can leverage utility functions such as
`canUserEditDashboard` and `userHasPermission` to programmatically check and
enforce these permissions. For example, `canUserEditDashboard` ensures that
only users with the appropriate roles and permissions can edit dashboards,
while `userHasPermission` can be used to verify specific permissions for a user.
In the `superset/security/manager.py` file, you can see that the
`SupersetSecurityManager` class defines various role-based access controls. For
instance, the `GAMMA_READ_ONLY_MODEL_VIEWS` set includes views that are
read-only for Gamma users. You can customize this to ensure that import-related
views are not accessible to Gamma users while still allowing them to edit
charts and dashboards
<sup>[[1]](https://github.com/apache/superset/blob/master/docs/docs/security/security.mdx)</sup><sup>[[2]](https://github.com/apache/superset/blob/master/superset-frontend/src/dashboard/util/permissionUtils.test.ts)</sup><sup>[[3]](https://github.com/apache/superset/blob/master/superset/security/manager.py)</sup>.
<!-- Dosu Comment Footer -->
*To continue talking to [Dosu](https://dosu.dev), mention @dosu.*
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
