Re: [D] Restrict charts [superset]

via GitHub Wed, 26 Nov 2025 01:02:01 -0800


GitHub user dosubot[bot] added a comment to the discussion: Restrict charts


<!-- Answer -->
Yes, you can filter charts by the user who created them using the created_by 
field instead of owners. In Superset, this is done by filtering on the 
Slice.created_by_fk field, which is a single user ID (not a list like owners) 
[reference](https://github.com/apache/superset/blob/master/superset/charts/filters.py).

To filter charts created by the current user and/or a list of users (by email 
or username), resolve those identifiers to user IDs, then filter with 
Slice.created_by_fk.in_(user_ids). Here’s an example filter for 
superset/charts/filters.py:

```python
from superset.charts.filters import BaseFilter
from superset.models.slice import Slice
from superset.security import get_username, security_manager
from sqlalchemy.orm import Query

class ChartCreatedByUsersFilter(BaseFilter):
    name = "Created by users"
    arg_name = "chart_created_by_users"

    def apply(self, query: Query, value) -> Query:
        if security_manager.is_admin():
            return query  # Admins see all charts

        # value should be a list of emails or usernames
        user_ids = []
        current_user = security_manager.get_user_by_username(get_username())
        if current_user:
            user_ids.append(current_user.id)
        for identifier in value or []:
            user = security_manager.get_user_by_username(identifier)
            if not user:
                user = 
security_manager.get_session.query(security_manager.user_model).filter(
                    security_manager.user_model.email == identifier
                ).one_or_none()
            if user:
                user_ids.append(user.id)
        user_ids = list(set(user_ids))
        if not user_ids:
            return query.filter(False)
        return query.filter(Slice.created_by_fk.in_(user_ids))
```

Register this filter in base_filters in superset/charts/api.py to enforce it 
globally. This approach matches how Superset handles filtering by created_by in 
the API and frontend 
[reference](https://github.com/apache/superset/blob/master/superset-frontend/src/views/CRUD/utils.tsx).

Let me know if you want a version that only uses emails or only usernames!


<!-- Dosu Comment Footer -->
*To reply, just mention [@dosu](https://go.dosu.dev/dosubot).*

---
<sup>How did I do? 
[Good](https://app.dosu.dev/response-feedback/669ecfed-11ea-4312-8b66-d52c66770195?feedback_type=great_response)
 | 
[Irrelevant](https://app.dosu.dev/response-feedback/669ecfed-11ea-4312-8b66-d52c66770195?feedback_type=irrelevant_answer)
 | 
[Incorrect](https://app.dosu.dev/response-feedback/669ecfed-11ea-4312-8b66-d52c66770195?feedback_type=incorrect_sources)
 | 
[Verbose](https://app.dosu.dev/response-feedback/669ecfed-11ea-4312-8b66-d52c66770195?feedback_type=too_verbose)
 | 
[Hallucination](https://app.dosu.dev/response-feedback/669ecfed-11ea-4312-8b66-d52c66770195?feedback_type=hallucination)
 | [Report 
🐛](https://app.dosu.dev/response-feedback/669ecfed-11ea-4312-8b66-d52c66770195?feedback_type=bug_report)
 | 
[Other](https://app.dosu.dev/response-feedback/669ecfed-11ea-4312-8b66-d52c66770195?feedback_type=other)</sup>

[![Chat with 
Dosu](https://dosu.dev/dosu-chat-badge.svg)](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github)&nbsp;[![Open
 in 
Cursor](https://dosu.dev/dosu-in-cursor.svg)](https://cursor.com/link/prompt?text=Yes%2C%20you%20can%20filter%20charts%20by%20the%20user%20who%20created%20them%20using%20the%20created_by%20field%20instead%20of%20owners.%20In%20Superset%2C%20this%20is%20done%20by%20filtering%20on%20the%20Slice.created_by_fk%20field%2C%20which%20is%20a%20single%20user%20ID%20%28not%20a%20list%20like%20owners%29%C2%A0%5Breference%5D%28https%3A//github.com/apache/superset/blob/master/superset/charts/filters.py%29.%0A%0ATo%20filter%20charts%20created%20by%20the%20current%20user%20and/or%20a%20list%20of%20users%20%28by%20email%20or%20username%29%2C%20resolve%20those%20identifiers%20to%20user%20IDs%2C%20then%20filter%20with%20Slice.created_by_fk.in_%28user_ids%29.%20Here%E2%80%99s%20an%20example%20filter%20for%20superset/charts/filters.py%3A%0A%0A%60%60%6
 
0python%0Afrom%20superset.charts.filters%20import%20BaseFilter%0Afrom%20superset.models.slice%20import%20Slice%0Afrom%20superset.security%20import%20get_username%2C%20security_manager%0Afrom%20sqlalchemy.orm%20import%20Query%0A%0Aclass%20ChartCreatedByUsersFilter%28BaseFilter%29%3A%0A%20%20%20%20name%20%3D%20%22Created%20by%20users%22%0A%20%20%20%20arg_name%20%3D%20%22chart_created_by_users%22%0A%0A%20%20%20%20def%20apply%28self%2C%20query%3A%20Query%2C%20value%29%20-%3E%20Query%3A%0A%20%20%20%20%20%20%20%20if%20security_manager.is_admin%28%29%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20query%20%20%23%20Admins%20see%20all%20charts%0A%0A%20%20%20%20%20%20%20%20%23%20value%20should%20be%20a%20list%20of%20emails%20or%20usernames%0A%20%20%20%20%20%20%20%20user_ids%20%3D%20%5B%5D%0A%20%20%20%20%20%20%20%20current_user%20%3D%20security_manager.get_user_by_username%28get_username%28%29%29%0A%20%20%20%20%20%20%20%20if%20current_user%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20user_ids.ap
 
pend%28current_user.id%29%0A%20%20%20%20%20%20%20%20for%20identifier%20in%20value%20or%20%5B%5D%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20user%20%3D%20security_manager.get_user_by_username%28identifier%29%0A%20%20%20%20%20%20%20%20%20%20%20%20if%20not%20user%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20user%20%3D%20security_manager.get_session.query%28security_manager.user_model%29.filter%28%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20security_manager.user_model.email%20%3D%3D%20identifier%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%29.one_or_none%28%29%0A%20%20%20%20%20%20%20%20%20%20%20%20if%20user%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20user_ids.append%28user.id%29%0A%20%20%20%20%20%20%20%20user_ids%20%3D%20list%28set%28user_ids%29%29%0A%20%20%20%20%20%20%20%20if%20not%20user_ids%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20query.filter%28False%29%0A%20%20%20%20%20%20%20%20return%20query.filter%28Slice.created_by_fk.in_%28user_ids
 
%29%29%0A%60%60%60%0A%0ARegister%20this%20filter%20in%20base_filters%20in%20superset/charts/api.py%20to%20enforce%20it%20globally.%20This%20approach%20matches%20how%20Superset%20handles%20filtering%20by%20created_by%20in%20the%20API%20and%20frontend%C2%A0%5Breference%5D%28https%3A//github.com/apache/superset/blob/master/superset-frontend/src/views/CRUD/utils.tsx%29.%0A%0ALet%20me%20know%20if%20you%20want%20a%20version%20that%20only%20uses%20emails%20or%20only%20usernames%21)&nbsp;[![Join
 
Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot)&nbsp;[![Share
 on 
X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/36259)

GitHub link: 
https://github.com/apache/superset/discussions/36259#discussioncomment-15084053

----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: 
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [D] Restrict charts [superset]

Reply via email to