GitHub user dosubot[bot] added a comment to the discussion: Restrict charts
<!-- Answer --> Yes, you can restrict chart access based on the owners field using Superset's built-in chart filters. For example, ChartOwnedCreatedFavoredByMeFilter and related filters let you show only charts owned, created, changed, or favored by the current user in the UI or API. You can also filter by specific owners (like admin) by customizing queries or filters to include both the current user's ID and the admin's user ID in the owners field ([chart filters code](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/charts/filters.py)). EXTRA_DYNAMIC_QUERY_FILTERS is not implemented for chart-level access control—it's only available for databases by default and isn't wired into the chart API or filters ([config reference](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/config.py#L1909-L1951)). For charts, use the existing chart filters or customize the backend to enforce stricter visibility rules. If you want to limit which users appear in the "Owners" dropdown in the UI, you can use EXTRA_RELATED_QUERY_FILTERS in your superset_config.py, but this only affects the dropdown, not actual chart visibility ([config example](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/config.py#L1909-L1951)). To strictly enforce "users only see charts they own or that are owned by admin," you would need to customize the backend filters and possibly the frontend to apply this logic by default. There is no global config or feature flag to enforce this out of the box ([discussion](https://github.com/apache/superset/discussions/35772)). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/b4f13941-8d8c-4847-acb7-c74dc9155189?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/b4f13941-8d8c-4847-acb7-c74dc9155189?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/b4f13941-8d8c-4847-acb7-c74dc9155189?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/b4f13941-8d8c-4847-acb7-c74dc9155189?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/b4f13941-8d8c-4847-acb7-c74dc9155189?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/b4f13941-8d8c-4847-acb7-c74dc9155189?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/b4f13941-8d8c-4847-acb7-c74dc9155189?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=Yes%2C%20you%20can%20restrict%20chart%20access%20based%20on%20the%20owners%20field%20using%20Superset%27s%20built-in%20chart%20filters.%20For%20example%2C%20ChartOwnedCreatedFavoredByMeFilter%20and%20related%20filters%20let%20you%20show%20only%20charts%20owned%2C%20created%2C%20changed%2C%20or%20favored%20by%20the%20current%20user%20in%20the%20UI%20or%20API.%20You%20can%20also%20filter%20by%20specific%20owners%20%28like%20admin%29%20by%20customizing%20queries%20or%20filters%20to%20include%20both%20the%20current%20user%27s%20ID%20and%20the%20admin%27s%20user%20ID%20in%20the%20owners%20field%C2%A0%28%5Bchart%20filters%20code%5D%28https%3A//github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/charts/filters.py%29%29.%0A%0AEXT RA_DYNAMIC_QUERY_FILTERS%20is%20not%20implemented%20for%20chart-level%20access%20control%E2%80%94it%27s%20only%20available%20for%20databases%20by%20default%20and%20isn%27t%20wired%20into%20the%20chart%20API%20or%20filters%C2%A0%28%5Bconfig%20reference%5D%28https%3A//github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/config.py%23L1909-L1951%29%29.%20For%20charts%2C%20use%20the%20existing%20chart%20filters%20or%20customize%20the%20backend%20to%20enforce%20stricter%20visibility%20rules.%0A%0AIf%20you%20want%20to%20limit%20which%20users%20appear%20in%20the%20%22Owners%22%20dropdown%20in%20the%20UI%2C%20you%20can%20use%20EXTRA_RELATED_QUERY_FILTERS%20in%20your%20superset_config.py%2C%20but%20this%20only%20affects%20the%20dropdown%2C%20not%20actual%20chart%20visibility%C2%A0%28%5Bconfig%20example%5D%28https%3A//github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/config.py%23L1909-L1951%29%29.%0A%0ATo%20strictly%20enforce%20%22us ers%20only%20see%20charts%20they%20own%20or%20that%20are%20owned%20by%20admin%2C%22%20you%20would%20need%20to%20customize%20the%20backend%20filters%20and%20possibly%20the%20frontend%20to%20apply%20this%20logic%20by%20default.%20There%20is%20no%20global%20config%20or%20feature%20flag%20to%20enforce%20this%20out%20of%20the%20box%C2%A0%28%5Bdiscussion%5D%28https%3A//github.com/apache/superset/discussions/35772%29%29.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/36259) GitHub link: https://github.com/apache/superset/discussions/36259#discussioncomment-15071704 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
