betodealmeida commented on issue #32214: URL: https://github.com/apache/superset/issues/32214#issuecomment-2724815007
> My suggestion is that superset only runs add_permissions on the catalog specified in the database.yaml. The problem with this is that in many databases you can access other catalogs via: ```sql SELECT * FROM catalog.schema.table ``` So we need to create the catalog permissions so that admins can manage access to those other catalogs. Well, we don't **need** to, since if we don't add them users won't be able to access them, which is fine from a security perspective. But it could be unintuitive to the admin who wants to grant access to some of those non-default catalogs — before @Vitor-Avila's work on https://github.com/apache/superset/pull/32231 they would have to edit the database for the permissions to be created. I think a better and more generic approach might be to simply ignore errors when calling `security_manager.add_permission_view_menu`. Let me work on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org
