GitHub user dosubot[bot] added a comment to the discussion: Access Denied toasts displaying Randomly for Custom "readonly" role
Yes, this can absolutely be caused by differences in your talisman_config, especially the Content Security Policy (CSP) settings. For embedded dashboards to work in multiple domains, your TALISMAN_CONFIG in superset_config.py needs to include a frame-ancestors directive that lists all allowed domains for embedding. If one domain is missing from this list, Superset will block embedding there and you'll see "Access is Denied" toasts—even if the guest user and dashboard IDs are the same. After updating TALISMAN_CONFIG, you must restart Superset for changes to take effect.

Also, check if you have a GUEST_TOKEN_VALIDATOR_HOOK or any custom logic that could be rejecting guest tokens based on domain or other criteria, as this can also cause domain-specific access issues even with identical users and dashboards.

To troubleshoot: compare the TALISMAN_CONFIG (especially frame-ancestors and other CSP directives) between your environments, and check for any guest token validation hooks. Look for CSP or access denied errors in the browser console and Superset logs when embedding fails.

More details on this setup are in the [official docs](https://github.com/apache/superset/blob/master/docs/docs/configuration/networking-settings.mdx#L25-L70) and [codebase](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/config.py#L1636-L2008).

GitHub link: https://github.com/apache/superset/discussions/34779#discussioncomment-15024473
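
The comparison step suggested in the comment above, as an added example that is not part of the original comment or Superset's own code: it diffs the CSP directives of two `TALISMAN_CONFIG` dicts and checks whether an embedding page's origin is listed under `frame-ancestors`. The helper names, the two sample configs and the hostnames are constructed for illustration, and the source matching only approximates what a browser does.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def csp_sources(talisman_config, directive):
    """Sources of one CSP directive as a lowercase set, or None if it is not set."""
    csp = talisman_config.get("content_security_policy") or {}
    if directive not in csp:
        return None
    value = csp[directive]
    # flask-talisman accepts a space-separated string or a list of sources
    tokens = value.split() if isinstance(value, str) else value
    return {t.lower() for t in tokens}

def diff_csp(config_a, config_b):
    """Map directive -> (sources only in A, sources only in B) for each mismatch."""
    names = set(config_a.get("content_security_policy") or {})
    names |= set(config_b.get("content_security_policy") or {})
    out = {}
    for name in sorted(names):
        a = csp_sources(config_a, name) or set()
        b = csp_sources(config_b, name) or set()
        if a != b:
            out[name] = (sorted(a - b), sorted(b - a))
    return out

def frame_ancestor_listed(talisman_config, embedding_url):
    """True/False if frame-ancestors lists the embedding origin; None if unset.
    Approximation: 'self', paths and http->https upgrades are not modelled."""
    sources = csp_sources(talisman_config, "frame-ancestors")
    if sources is None:
        return None
    url = urlsplit(embedding_url.lower())
    url_host = url.hostname or ""
    url_port = url.port or DEFAULT_PORTS.get(url.scheme)
    for source in sources - {"'none'", "'self'"}:
        if source == "*":
            return True
        src = urlsplit(source if "://" in source else "//" + source)
        host = src.hostname or ""
        # "*.example.com" matches subdomains only, not the bare domain
        host_ok = url_host.endswith(host[1:]) if host.startswith("*.") else host == url_host
        port_ok = (src.port or DEFAULT_PORTS.get(src.scheme or url.scheme)) == url_port
        if host_ok and port_ok and src.scheme in ("", url.scheme):
            return True
    return False

# Constructed sample configs (not taken from the discussion)
STAGING = {"content_security_policy": {
    "frame-ancestors": ["https://portal.example.com", "https://*.partner.example"]}}
PROD = {"content_security_policy": {"frame-ancestors": "https://portal.example.com"}}
```

To use it on real settings, load each environment's `TALISMAN_CONFIG` from its `superset_config.py` and pass the two dicts to `diff_csp`, then pass the embedding page's URL to `frame_ancestor_listed`.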
