GitHub user dosubot[bot] added a comment to the discussion: To add custom role
via superset_config.py
<!-- Answer -->
To fully automate custom role creation and permission assignment in Superset
4.x, use a backend Python script with the Superset app context and the security
manager API—not superset_config.py or the REST API (which is only available in
5.x+). Here’s an example script that creates a custom role and grants it read
access to dashboards and charts:
```python
from superset import create_app
from flask_appbuilder.security.sqla.models import Role
from flask_appbuilder import Model
# Initialize Superset app
app = create_app()
with app.app_context():
security_manager = app.appbuilder.sm
# Create or get the custom role
role_name = "CustomDashboardViewer"
custom_role = security_manager.add_role(role_name)
# Define permissions you want to grant
permissions = [
("can_read", "Dashboard"),
("can_read", "Chart"),
("menu_access", "Dashboards"),
("menu_access", "Charts"),
]
# Add permissions to the role
for perm_name, view_menu in permissions:
security_manager.add_permission_view_menu(perm_name, view_menu)
perm_view = security_manager.find_permission_view_menu(perm_name,
view_menu)
security_manager.add_permission_role(custom_role, perm_view)
print(f"Role '{role_name}' created and permissions assigned.")
```
You can run this as a standalone script in your Superset environment (e.g.,
`python create_custom_role.py`). If you want to restrict access to specific
dashboards, you can append the role to the dashboard’s `roles` list and commit
the session:
```python
from superset.models.dashboard import Dashboard
from superset.extensions import db
dashboard =
db.session.query(Dashboard).filter_by(slug="your-dashboard-slug").first()
if dashboard:
dashboard.roles.append(custom_role)
db.session.commit()
```
Assign users to the new role via the UI or by appending the role to a user’s
`roles` list in a similar script. This approach is supported and used in
Superset’s own tests and backend logic
([example](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/tests/integration_tests/security_tests.py),
[manager
code](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/manager.py)).
Let me know if you need a script for a specific dashboard or chart!
<!-- Dosu Comment Footer -->
*To reply, just mention [@dosu](https://go.dosu.dev/dosubot).*
---
<sup>How did I do?
[Good](https://app.dosu.dev/response-feedback/adbe0bb3-47d5-49e3-9e30-8be28942b83e?feedback_type=great_response)
|
[Irrelevant](https://app.dosu.dev/response-feedback/adbe0bb3-47d5-49e3-9e30-8be28942b83e?feedback_type=irrelevant_answer)
|
[Incorrect](https://app.dosu.dev/response-feedback/adbe0bb3-47d5-49e3-9e30-8be28942b83e?feedback_type=incorrect_sources)
|
[Verbose](https://app.dosu.dev/response-feedback/adbe0bb3-47d5-49e3-9e30-8be28942b83e?feedback_type=too_verbose)
|
[Hallucination](https://app.dosu.dev/response-feedback/adbe0bb3-47d5-49e3-9e30-8be28942b83e?feedback_type=hallucination)
| [Report
🐛](https://app.dosu.dev/response-feedback/adbe0bb3-47d5-49e3-9e30-8be28942b83e?feedback_type=bug_report)
|
[Other](https://app.dosu.dev/response-feedback/adbe0bb3-47d5-49e3-9e30-8be28942b83e?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github)&
nbsp;[](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/34551)
GitHub link:
https://github.com/apache/superset/discussions/34551#discussioncomment-14009214
----
This is an automatically sent email for notifications@superset.apache.org.
To unsubscribe, please send an email to:
notifications-unsubscr...@superset.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org
For additional commands, e-mail: notifications-h...@superset.apache.org
