rusackas opened a new pull request, #36548:
URL: https://github.com/apache/superset/pull/36548

   ### SUMMARY
   
   This PR adds a new built-in "Public" role to Superset, designed for anonymous/unauthenticated users who need to view dashboards. The Public role is more restrictive than Gamma and provides sensible defaults for public-facing dashboard deployments.
   
   **Background:** In #36025, it was identified that using `PUBLIC_ROLE_LIKE = "Gamma"` grants excessive permissions including write and delete capabilities that are inappropriate for public access. Rather than documenting a complex set of manual permissions, this PR creates a new built-in role with sensible, secure defaults.
   
   **Key changes:**
   - New `PUBLIC_ROLE_PERMISSIONS` set defining minimal dashboard viewing permissions
   - New `_is_public_pvm()` method to determine Public role permissions
   - Public role is now created during `sync_role_definitions()` alongside Admin, Alpha, Gamma, and sql_lab
   - Users can set `PUBLIC_ROLE_LIKE = "Public"` to use these safe defaults
   
   **The Public role includes:**
   - Dashboard and chart viewing (`can_read on Dashboard`, `can_read on Chart`)
   - Interactive dashboard filters (`can_read/write on DashboardFilterStateRestApi`)
   - Dashboard permalinks (`can_dashboard_permalink`, `can_read on DashboardPermalinkRestApi`)
   - Embedded dashboard support (`can_read on EmbeddedDashboard`)
   - Datasource metadata for chart rendering (`can_get`, `can_external_metadata` on Datasource)
   - CSS templates for styling (`can_read on CssTemplate`)
   - API access for chart rendering (`can_time_range`, `can_query_form_data`, `can_query` on Api)
   
   **The Public role explicitly excludes:**
   - Write permissions on dashboards, charts, datasets
   - SQL Lab access
   - Share functionality  
   - User profile/admin features
   - Menu access to most features
   - Any `all_datasource_access` or `all_database_access` permissions
   
   **Note:** The existing `PUBLIC_ROLE_LIKE` config is preserved and continues to work - users can still copy any role (including "Public") to the actual public role. This maintains backward compatibility while providing a safer default option.
   
   ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
   
   N/A - This is a backend role/permission change.
   
   ### TESTING INSTRUCTIONS
   
   1. Run `superset init` to sync role definitions
   2. Verify the new "Public" role exists in Security > List Roles
   3. Check the Public role has the expected minimal permissions (see list above)
   4. Test setting `PUBLIC_ROLE_LIKE = "Public"` in config and verify anonymous users can view dashboards but cannot:
      - Edit dashboards or charts
      - Access SQL Lab
      - Share content
      - Access admin menus
   
   ### ADDITIONAL INFORMATION
   
   - [x] Has associated issue: #36025
   - [ ] Required feature flags:
   - [ ] Changes UI
   - [ ] Includes DB Migration
   - [x] Introduces new feature or API
   - [ ] Removes existing feature or API
   
   🤖 Generated with [Claude Code](https://claude.com/claude-code)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
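
Step 3 of the testing instructions above asks for a check that the role carries only the listed permissions. As an added example (not part of the pull request or Superset's own code), the following audits a list of `permission on view` strings against the permissions named in the description; the allowlist layout, the `HIGH_RISK` triage rule, the function names and the sample role are assumptions made for illustration.

```python
# Added example, not Superset code: audit a role against the Public-role
# permissions listed in the PR description above.
# A view of None means "any view": the description names no view for
# can_dashboard_permalink.
PUBLIC_ALLOWLIST = {
    ("can_read", "Dashboard"), ("can_read", "Chart"),
    ("can_read", "DashboardFilterStateRestApi"),
    ("can_write", "DashboardFilterStateRestApi"),
    ("can_dashboard_permalink", None),
    ("can_read", "DashboardPermalinkRestApi"),
    ("can_read", "EmbeddedDashboard"),
    ("can_get", "Datasource"), ("can_external_metadata", "Datasource"),
    ("can_read", "CssTemplate"),
    ("can_time_range", "Api"), ("can_query_form_data", "Api"),
    ("can_query", "Api"),
}
# Assumed triage rule: grant types the description says Public must not hold.
HIGH_RISK = ("can_write", "can_delete", "all_datasource_access",
             "all_database_access")


def parse_pvm(text):
    """Split 'can_read on Dashboard' (or 'can read on Dashboard') into a pair."""
    perm, sep, view = text.strip().partition(" on ")
    if not sep or not perm.strip() or not view.strip():
        raise ValueError(f"expected '<permission> on <view>': {text!r}")
    return perm.strip().replace(" ", "_"), view.strip()


def audit_role(pvm_strings):
    """Return grants outside the allowlist and allowlist entries not granted."""
    granted = {parse_pvm(s) for s in pvm_strings}
    perms = {p for p, _ in granted}
    excess = sorted(
        (p, v, "high" if p.startswith(HIGH_RISK) else "review")
        for p, v in granted
        if (p, v) not in PUBLIC_ALLOWLIST and (p, None) not in PUBLIC_ALLOWLIST
    )
    missing = sorted(
        (p, v or "*") for p, v in PUBLIC_ALLOWLIST
        if (p not in perms if v is None else (p, v) not in granted)
    )
    return {"excess": excess, "missing": missing}


# Constructed sample role, for illustration only (not a real Superset export).
SAMPLE_ROLE = [
    "can_read on Dashboard", "can read on Chart",
    "can_dashboard_permalink on Superset", "can_write on Dashboard",
    "can_read on SavedQuery", "all_database_access on all_database_access",
]
```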
