GitHub user dosubot[bot] added a comment to the discussion: How to implement owner-based filtering for Alerts and Reports so non-admin users only see their own?
<!-- Greeting --> Hi @itaischul! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the superset team. <!-- Answer --> There isn’t a built-in way in Superset 5.0.0 to restrict Alerts and Reports visibility by owner—any user with access to the Alerts & Reports page can see all alerts/reports in the system. Ownership is tracked, but the UI and backend do not enforce owner-based filtering for non-admins out of the box ([discussion](https://github.com/apache/superset/issues/32116#issuecomment-2648316462)). To implement owner-based filtering, you’ll need to customize Superset’s backend logic. The recommended approach is to extend the API endpoints or the security manager to filter Alerts and Reports by owner for non-admin users. This typically involves: - Modifying the backend query for listing alerts/reports to filter by the current user’s ID unless they have an admin role. - Ensuring admin users retain full visibility by bypassing the filter for users with admin privileges. There are ongoing proposals to add more granular ownership and group-based access control in future versions (Superset 6.0+), but for now, custom development is required ([SIP-126](https://github.com/apache/superset/issues/32116)). If you need pointers on where to start, look at how dashboards and charts implement ownership checks, and consider adding similar logic to the Alerts & Reports API. There’s no configuration flag or setting for this in 5.0.0. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/4d88633d-0296-48df-8448-b46659f7c81d?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/4d88633d-0296-48df-8448-b46659f7c81d?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/4d88633d-0296-48df-8448-b46659f7c81d?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/4d88633d-0296-48df-8448-b46659f7c81d?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/4d88633d-0296-48df-8448-b46659f7c81d?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/4d88633d-0296-48df-8448-b46659f7c81d?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/4d88633d-0296-48df-8448-b46659f7c81d?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github)& nbsp;[](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/35847) GitHub link: https://github.com/apache/superset/discussions/35847#discussioncomment-14783811 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
