Re: [D] How to restrict visible users and roles in dashboard ownership/visibility dropdowns for specific custom roles? [superset]

Wed, 14 Jan 2026 08:55:05 -0800 


GitHub user gpandolfino added a comment to the discussion: How to restrict 
visible users and roles in dashboard ownership/visibility dropdowns for 
specific custom roles?

I've applied the rule you told me, but nothing changed.
This is the script:

`def user_filter(query, *args, **kwargs):
    from flask import g
    from superset import security_manager
    if not g.user or not hasattr(g.user, 'roles'):
        return query
    restricted_roles = ["superset-RESTRICT-THIS-ROLE"]
    user_model = security_manager.user_model
    role_model = security_manager.role_model
    current_user = g.user
    current_user_role_names = [role.name for role in current_user.roles]
    # Compute which restricted roles the current user has (can be multiple).
    # We want the UNION (distinct) of users who have ANY of these roles.
    current_user_restricted_roles = sorted(
        {r for r in current_user_role_names if r in restricted_roles}
    )
    # If user has at least one restricted role, filter users accordingly.
    if current_user_restricted_roles:
        # Join roles and filter by role name, then DISTINCT to avoid duplicates 
caused by the join.
        return (
            query.join(user_model.roles)
            .filter(role_model.name.in_(current_user_restricted_roles))
            .distinct()
        )
    return query`

`def role_filter(query, *args, **kwargs):
    from flask import g
    from superset import security_manager
    if not g.user or not hasattr(g.user, 'roles'):
        return query
    restricted_roles = ["superset-RESTRICT-THIS-ROLE"]
    role_model = security_manager.role_model
    current_user_role_names = [role.name for role in g.user.roles]
    user_restricted_roles = [r for r in current_user_role_names if r in 
restricted_roles]
    if user_restricted_roles:
        # User sees only their restricted roles (can have multiple)
        return query.filter(role_model.name.in_(user_restricted_roles))
    return query`

`EXTRA_RELATED_QUERY_FILTERS = {
    "user": user_filter,
    "role": role_filter,
}
`

The user with the  superset-RESTRICT-THIS-ROLE role is free to change the 
ownership of a Dashboard/Chart with all the other ones of the installations; we 
don't want this

GitHub link: 
https://github.com/apache/superset/discussions/37133#discussioncomment-15498091

----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: 
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to