dosubot[bot] commented on issue #35073: URL: https://github.com/apache/superset/issues/35073#issuecomment-3271818494
<!-- Answer --> You can't specify API permissions like "can_read_on_time_range" directly when creating a guest JWT token via `/api/v1/security/guest_token/`. Instead, Superset assigns guest users the role defined by the `GUEST_ROLE_NAME` config (often "Public" or a custom role), and all permissions—including API access—are managed through that role. To fix the 403 on `/api/v1/time_range/`, you need to add the "can_read_on_time_range" permission to the role set in `GUEST_ROLE_NAME` using Superset's security UI (Settings → Roles → [Your guest role] → Edit Permissions). This change will apply to all guest tokens using that role, and is the only supported way to grant API permissions for embedded/guest users in Superset v5 [[source](https://github.com/apache/superset/discussions/34046)]. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/4c9c4cc3-8ef7-4084-8f1d-d3cf49414a02?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/4c9c4cc3-8ef7-4084-8f1d-d3cf49414a02?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/4c9c4cc3-8ef7-4084-8f1d-d3cf49414a02?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/4c9c4cc3-8ef7-4084-8f1d-d3cf49414a02?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/4c9c4cc3-8ef7-4084-8f1d-d3cf49414a02?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/4c9c4cc3-8ef7-4084-8f1d-d3cf49414a02?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/4c9c4cc3-8ef7-4084-8f1d-d3cf49414a02?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=githu b) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/issues/35073) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org
