GitHub user dosubot[bot] added a comment to the discussion: Roles list of permissions
<!-- Greeting --> Hi @NgTrDunghcmut! I'm [Dosu](https://go.dosu.dev/dosubot) and Iām helping the superset team. <!-- Answer --> Superset doesn't maintain a static, human-readable list of permissions for each role. Instead, permissions are assigned programmatically at startup by the SupersetSecurityManager. Roles like Admin, Alpha, Gamma, and SQL Lab get their permissions based on logic in the code, using sets like `ADMIN_ONLY_PERMISSIONS` (e.g., update_roles_users, list_roles, can_update_role, all_query_access, can_grant_guest_token, can_set_embedded, can_warm_up_cache) and `ALPHA_ONLY_PERMISSIONS` (e.g., muldelete, all_database_access, all_datasource_access). There are also read-only permissions such as can_show, can_list, can_get, can_external_metadata, can_external_metadata_by_name, and can_read. You can see how this works in the [security manager code](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/manager.py). If you want to view the actual permissions for roles in your Superset instance, you can check the Roles section in the Superset UI or query the relevant tables in your metadata database. For specific features, like managing User Groups, permissions such as can list/add/edit/show/delete on UserGroupModelView are required and automatically added to admin roles during implementation ([source](https://github.com/apache/superset/issues/32116)). For public dashboards with Dynamic Plugins, make sure the public role has can list on DynamicPlugin ([source](https://github.com/apache/superset/issues/33548)). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/2f3bc669-a848-43d1-87dd-d2f3c7226d63?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/2f3bc669-a848-43d1-87dd-d2f3c7226d63?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/2f3bc669-a848-43d1-87dd-d2f3c7226d63?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/2f3bc669-a848-43d1-87dd-d2f3c7226d63?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/2f3bc669-a848-43d1-87dd-d2f3c7226d63?feedback_type=hallucination) | [Report š](https://app.dosu.dev/response-feedback/2f3bc669-a848-43d1-87dd-d2f3c7226d63?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/2f3bc669-a848-43d1-87dd-d2f3c7226d63?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github)& nbsp;[](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/34787) GitHub link: https://github.com/apache/superset/discussions/34787#discussioncomment-14175054 ---- This is an automatically sent email for notifications@superset.apache.org. To unsubscribe, please send an email to: notifications-unsubscr...@superset.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org
