GitHub user dosubot[bot] added a comment to the discussion: Restrict charts
Hi @keanec27! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the superset team.

Superset supports chart-level access control based on ownership and admin privileges. By default, users can view charts they own or have created, and admins can view all charts. Recent updates allow filtering charts by fields like `owners`, `created_by`, and `changed_by`, which you can use to restrict chart visibility in the API or UI to those created by the user or by admins ([see code reference](https://github.com/apache/superset/blob/master/superset/charts/filters.py), [PR #29287](https://github.com/apache/superset/pull/29287)).

There isn't a built-in filter that directly combines "charts created by the user OR by admin," but you can achieve this by customizing filters or queries to include both the current user's ID and the admin's user ID in the `created_by` field. Access checks also consider dataset permissions, so users must have access to the underlying data source as well ([unit test reference](https://github.com/apache/superset/blob/master/tests/unit_tests/explore/utils_test.py)).

If you need this restriction in the UI, you may need to extend the existing filters or implement a custom filter that matches charts where `created_by` is either the current user or an admin.

GitHub link: https://github.com/apache/superset/discussions/36259#discussioncomment-15071619
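The combined rule the comment describes (charts created by the current user or by an admin, subject to dataset access) can be expressed as one server-side query. This is an added example, not part of the original comment and not Superset code; the schema, table names, sample rows and the `visible_charts` helper are constructed assumptions.

```python
import sqlite3

# Constructed, simplified schema and rows; names are assumptions for this
# example and do not mirror Superset's metadata tables.
SETUP = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER);
CREATE TABLE dataset_access (user_id INTEGER, dataset_id INTEGER);
CREATE TABLE charts (id INTEGER PRIMARY KEY, name TEXT,
                     created_by INTEGER, dataset_id INTEGER);
INSERT INTO users VALUES (1,'admin',1), (2,'alice',0), (3,'bob',0);
INSERT INTO dataset_access VALUES (2,10), (3,10), (3,20);
INSERT INTO charts VALUES
  (1,'admin_sales',1,10), (2,'admin_finance',1,20), (3,'alice_kpi',2,10),
  (4,'bob_ops',3,10), (5,'bob_finance',3,20);
"""

# Admin callers see everything. Everyone else sees a chart only if it was
# created by them or by an admin AND they can read its dataset.
VISIBLE = """
SELECT c.name FROM charts c
WHERE EXISTS (SELECT 1 FROM users u WHERE u.id = :uid AND u.is_admin = 1)
   OR ((c.created_by = :uid
        OR c.created_by IN (SELECT id FROM users WHERE is_admin = 1))
       AND EXISTS (SELECT 1 FROM dataset_access a
                   WHERE a.user_id = :uid AND a.dataset_id = c.dataset_id))
ORDER BY c.id
"""

def build_db():
    """Create the in-memory sample database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP)
    return conn

def visible_charts(conn, session_user_id):
    # session_user_id must come from the authenticated session, never from
    # a client-supplied filter value; it is bound as a query parameter.
    rows = conn.execute(VISIBLE, {"uid": session_user_id}).fetchall()
    return [name for (name,) in rows]

if __name__ == "__main__":
    db = build_db()
    for uid in (1, 2, 3, 99):
        print(uid, visible_charts(db, uid))
```

A filter applied only in the UI list view does not restrict direct API access, so the rule belongs in the query layer as shown.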
