GitHub user dosubot[bot] added a comment to the discussion: The issue regarding obtaining an Embedded Token
The issue is that Superset does not use the roles you specify in the guest_token payload for embedded access. Instead, it always assigns the role set in the `GUEST_ROLE_NAME` config (by default, "Public") to all GuestUser sessions, regardless of what you put in the "roles" field of your token request. This means your custom "Viewer" role is ignored for embedding, which is why you still get 403 errors even though you granted it all the right permissions.

To fix this, set `GUEST_ROLE_NAME = "Viewer"` in your `superset_config.py` and restart Superset. All embedded (guest_token) sessions will then use your custom Viewer role and get the permissions you assigned to it. You do not need to list chart or dataset IDs in the token—just the dashboard ID is enough if the role has the right permissions.

Reference:

- [Superset assigns GuestUser roles using GUEST_ROLE_NAME, not the guest_token payload](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/manager.py)
- [GuestUser class and role assignment](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/guest_token.py)

GitHub link: https://github.com/apache/superset/discussions/35670#discussioncomment-14696702
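
An added example (not part of the bot's comment and not Superset code): a small offline check that models the behaviour described above, reporting which role an embedded session actually runs as and why a 403 would follow. The `diagnose_embed` helper, the role permissions, the permission strings and the request body are constructed for illustration.

```python
# Added example, not Superset code. GUEST_ROLE_NAME and its "Public" default
# come from the answer above; role names and permissions below are constructed.
DEFAULT_GUEST_ROLE = "Public"


def diagnose_embed(config, token_request, role_perms, required_perms):
    """Return (code, message) findings for an embedded guest_token setup.

    config:         settings from superset_config.py, as a dict
    token_request:  JSON body sent when requesting the guest token
    role_perms:     {role name: set of permissions}, a hypothetical export
    required_perms: permissions the embedded dashboard needs
    """
    findings = []
    role = config.get("GUEST_ROLE_NAME", DEFAULT_GUEST_ROLE)

    # Roles named in the token request have no effect on the guest session.
    ignored = [r for r in token_request.get("roles", []) if r != role]
    if ignored:
        findings.append(("ROLES_IGNORED",
                         f"{ignored} ignored; guest sessions run as {role!r}"))

    if role not in role_perms:
        findings.append(("ROLE_MISSING", f"role {role!r} is not defined"))
    else:
        missing = sorted(set(required_perms) - role_perms[role])
        if missing:
            findings.append(("EXPECT_403", f"{role!r} lacks {missing}"))

    # Only the dashboard needs listing when the role carries the permissions.
    extra = [r for r in token_request.get("resources", [])
             if r.get("type") != "dashboard"]
    if extra:
        findings.append(("EXTRA_RESOURCES",
                         f"{len(extra)} non-dashboard resource(s) not needed"))
    return findings


# Constructed sample: the situation described in the thread.
ROLE_PERMS = {"Public": set(),
              "Viewer": {"can read on Dashboard", "can read on Chart"}}
REQUIRED = {"can read on Dashboard", "can read on Chart"}
REQUEST = {"user": {"username": "embed-viewer"}, "roles": ["Viewer"], "rls": [],
           "resources": [{"type": "dashboard", "id": "dashboard-uuid-placeholder"},
                         {"type": "chart", "id": "chart-id-placeholder"}]}

if __name__ == "__main__":
    for cfg in ({}, {"GUEST_ROLE_NAME": "Viewer"}):
        print(cfg, diagnose_embed(cfg, REQUEST, ROLE_PERMS, REQUIRED))
```

Because `GUEST_ROLE_NAME` applies to every guest session, the role it names should carry only the read permissions the embedded dashboards need.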
