[I] Admin UI: allow administrators to change/reset another user's password [superset]

Fri, 21 Nov 2025 04:52:19 -0800 


ThomasBayen opened a new issue, #36223:
URL: https://github.com/apache/superset/issues/36223

   ### Bug description
   
   Currently (using Superset 6.0.0rc2) there is no straightforward, documented 
way for a Superset admin to change or reset another user's password from the 
web UI. This makes account recovery and user management harder for operators 
and requires server-side or DB access to reset passwords.
   
   ### Why this matters
   Operators and helpdesk staff need a safe in-product way to reset user 
passwords without direct DB edits or ad-hoc scripts. Relying on manual DB 
changes is error-prone and a security/operational burden.
   
   ### Expected behavior
   In Security → List Users (or on the "edit users" page), a site admin should 
be able to click "Reset password" (or similar), provide a new password, confirm 
and save; the user's password is updated and they can sign in with the new 
credentials
   
   Optionally: audit log entry created when an admin changes someone else's 
password for traceability.
   
   Action requires an Admin role (or a configurable permission).
   
   ### Workaround
   (documented so admins can use it while the feature is implemented)
   
   ```
   docker exec -it superset_app superset fab reset-password \
     --username "Joe User" --password "password"
   ```
   
   
   ### Screenshots/recordings
   
   _No response_
   
   ### Superset version
   
   master / latest-dev
   
   ### Python version
   
   3.10
   
   ### Node version
   
   16
   
   ### Browser
   
   Chrome
   
   ### Additional context
   
   Superset Version 6.0.0rc2
   
   ### Checklist
   
   - [x] I have searched Superset docs and Slack and didn't find a solution to 
my problem.
   - [x] I have searched the GitHub issue tracker and didn't find a similar bug 
report.
   - [ ] I have checked Superset's logs for errors and if I found a relevant 
Python stacktrace, I included it here as text in the "additional context" 
section.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to