dflionis opened a new issue #7776: All Saved Queries are Public Across the User Base URL: https://github.com/apache/incubator-superset/issues/7776 Superset does not seem to allow users to have access to the Saved Queries "list" functionality _without_ allowing them to see all saved queries across all users, as well as the full list of users itself. ### Expected results Superset would allow lower privileged users to use all of the "Saved Query" functionality while giving administrators the option of blocking their access to queries saved by other users as well as access to the full list of users. ### Actual results When "Saved Queries" are enabled for users, they immediately gain full access to all saved queries across users and the full user list--and administrators don't seem to have the ability to hide this potentially sensitive information. #### Screenshots  #### How to reproduce the bug 1. Grant a role the ability to use Saved Queries (i.e. list, show, add, delete...saved queries permissions). 2. Add a user to that role 3. Attempt to prevent that user from accessing the full list of users and the full list of saved queries across users when the user navigates to the `/savedqueryview/list/` page ### Environment - superset version: 0.32.0rc2 - python version: 3.6 - node.js version: Unknown - npm version: Unknown ### Checklist Make sure these boxes are checked before submitting your issue - thank you! - [x] I have checked the superset logs for python stacktraces and included it here as text if there are any. - [x] I have reproduced the issue with at least the latest released version of superset. - [x] I have checked the issue tracker for the same issue and I haven't found one similar. ### Additional context N/A
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
