GitHub user dosubot[bot] added a comment to the discussion: How could I reduce editing permissions?
<!-- Greeting --> Hi @orlandolaycos! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the superset team. <!-- Answer --> Superset's permission system is based on roles and granular permissions like `can_add`, `can_edit`, and `can_delete` for dashboards and charts. To prevent editors from creating or deleting dashboards but still allow them to edit existing ones, you can remove the `can_add` and `can_delete` permissions for the Dashboard model from their role, while keeping `can_edit` enabled. Ownership is also enforced—only owners (or admins) can alter or delete dashboards, but the `can_edit` permission covers all dashboard editing, including properties like title, owners, and roles, as well as layout and content. There is no built-in way to allow editing only charts within a dashboard without also allowing property edits, since both are bundled under `can_edit` for dashboards. Chart editing permissions are managed separately, so you can allow chart CRUD without dashboard edit rights, but not the other way around. For embedded dashboards, you can use UI config options (like `dashboardUiConfig`) to hi de interactive elements, but this only affects the frontend, not backend permissions ([source](https://github.com/apache/superset/blob/050ccdcb3dd84f3ae6e301d61021e72474e754d7/docs/docs/security/security.mdx), [discussion](https://github.com/apache/superset/issues/33599), [embedded config](https://github.com/apache/superset/issues/32183)). For finer control (like restricting property edits but allowing chart edits), you would need to customize the frontend or modify the codebase. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/fc86595d-76bf-467c-a5a8-89a662e1f443?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/fc86595d-76bf-467c-a5a8-89a662e1f443?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/fc86595d-76bf-467c-a5a8-89a662e1f443?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/fc86595d-76bf-467c-a5a8-89a662e1f443?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/fc86595d-76bf-467c-a5a8-89a662e1f443?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/fc86595d-76bf-467c-a5a8-89a662e1f443?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/fc86595d-76bf-467c-a5a8-89a662e1f443?feedback_type=other)</sup> [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/33981) GitHub link: https://github.com/apache/superset/discussions/33981#discussioncomment-13626311 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
