GitHub user dosubot[bot] added a comment to the discussion: How to restrict visible users and roles in dashboard ownership/visibility dropdowns for specific custom roles?
<!-- Answer --> Your filter functions in EXTRA_RELATED_QUERY_FILTERS should work for dashboard ownership/visibility dropdowns, but only if the backend API is wired to use them. In Superset 5.0.0, the dashboard API uses base_related_field_filters and related_field_filters to control which users and roles appear in these dropdowns. These filters delegate to BaseFilterRelatedUsers and BaseFilterRelatedRoles, which do call your EXTRA_RELATED_QUERY_FILTERS functions if set [source](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/views/filters.py). If your filters aren’t working, check these points: - Make sure your superset_config.py is loaded and the functions are being called (add a log or print statement in your filter to confirm). - Ensure your filter logic matches your user/role model. For example, to restrict users to only those sharing the same roles as the current user, use: ```python def user_filter(query, *args, **kwargs): from flask import g from superset import security_manager user_model = security_manager.user_model role_model = security_manager.role_model current_user_roles = {role.id for role in security_manager.get_user_roles(g.user)} return query.join(user_model.roles).filter(role_model.id.in_(current_user_roles)).distinct() ``` ```python def role_filter(query, *args, **kwargs): from flask import g from superset import security_manager base_roles = ["Gamma", "sql_lab"] current_user_roles = [role.name for role in security_manager.get_user_roles(g.user)] allowed_roles = set(base_roles) | set(current_user_roles) role_model = security_manager.role_model return query.filter(role_model.name.in_(allowed_roles)) ``` ```python EXTRA_RELATED_QUERY_FILTERS = { "user": user_filter, "role": role_filter, } ``` - Restart Superset after changing superset_config.py. - If you use FAB_ADD_SECURITY_API, note that user/role management endpoints (/api/v1/security/users/, /api/v1/security/roles/) are handled by Flask AppBuilder and ignore these filters. For tenant-based filtering there, subclass UserApi or RoleApi, override the list method, and register your subclass in FLASK_APP_MUTATOR [example](https://github.com/apache/superset/discussions/33877#discussioncomment-13679617). If you still see all users/roles, double-check your filter logic and confirm the backend is calling your filter functions for the relevant dropdowns. Let me know if you want a more detailed example for your specific user/role schema. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/8df4efd3-b2af-4c5d-8785-2a1ecf1b9453?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/8df4efd3-b2af-4c5d-8785-2a1ecf1b9453?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/8df4efd3-b2af-4c5d-8785-2a1ecf1b9453?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/8df4efd3-b2af-4c5d-8785-2a1ecf1b9453?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/8df4efd3-b2af-4c5d-8785-2a1ecf1b9453?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/8df4efd3-b2af-4c5d-8785-2a1ecf1b9453?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/8df4efd3-b2af-4c5d-8785-2a1ecf1b9453?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=Your%20filter%20functions%20in%20EXTRA_RELATED_QUERY_FILTERS%20should%20work%20for%20dashboard%20ownership/visibility%20dropdowns%2C%20but%20only%20if%20the%20backend%20API%20is%20wired%20to%20use%20them.%20In%20Superset%205.0.0%2C%20the%20dashboard%20API%20uses%20base_related_field_filters%20and%20related_field_filters%20to%20control%20which%20users%20and%20roles%20appear%20in%20these%20dropdowns.%20These%20filters%20delegate%20to%20BaseFilterRelatedUsers%20and%20BaseFilterRelatedRoles%2C%20which%20do%20call%20your%20EXTRA_RELATED_QUERY_FILTERS%20functions%20if%20set%20%5Bsource%5D%28https%3A//github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/views/filters.py%29.%0A%0AIf%20your%20filters%20aren%E2%80%99t%20working%2C%2 0check%20these%20points%3A%0A%0A-%20Make%20sure%20your%20superset_config.py%20is%20loaded%20and%20the%20functions%20are%20being%20called%20%28add%20a%20log%20or%20print%20statement%20in%20your%20filter%20to%20confirm%29.%0A-%20Ensure%20your%20filter%20logic%20matches%20your%20user/role%20model.%20For%20example%2C%20to%20restrict%20users%20to%20only%20those%20sharing%20the%20same%20roles%20as%20the%20current%20user%2C%20use%3A%0A%0A%20%20%60%60%60python%0A%20%20def%20user_filter%28query%2C%20%2Aargs%2C%20%2A%2Akwargs%29%3A%0A%20%20%20%20%20%20from%20flask%20import%20g%0A%20%20%20%20%20%20from%20superset%20import%20security_manager%0A%20%20%20%20%20%20user_model%20%3D%20security_manager.user_model%0A%20%20%20%20%20%20role_model%20%3D%20security_manager.role_model%0A%20%20%20%20%20%20current_user_roles%20%3D%20%7Brole.id%20for%20role%20in%20security_manager.get_user_roles%28g.user%29%7D%0A%20%20%20%20%20%20return%20query.join%28user_model.roles%29.filter%28role_model.id.in_%28current_u ser_roles%29%29.distinct%28%29%0A%20%20%60%60%60%0A%0A%20%20%60%60%60python%0A%20%20def%20role_filter%28query%2C%20%2Aargs%2C%20%2A%2Akwargs%29%3A%0A%20%20%20%20%20%20from%20flask%20import%20g%0A%20%20%20%20%20%20from%20superset%20import%20security_manager%0A%20%20%20%20%20%20base_roles%20%3D%20%5B%22Gamma%22%2C%20%22sql_lab%22%5D%0A%20%20%20%20%20%20current_user_roles%20%3D%20%5Brole.name%20for%20role%20in%20security_manager.get_user_roles%28g.user%29%5D%0A%20%20%20%20%20%20allowed_roles%20%3D%20set%28base_roles%29%20%7C%20set%28current_user_roles%29%0A%20%20%20%20%20%20role_model%20%3D%20security_manager.role_model%0A%20%20%20%20%20%20return%20query.filter%28role_model.name.in_%28allowed_roles%29%29%0A%20%20%60%60%60%0A%0A%20%20%60%60%60python%0A%20%20EXTRA_RELATED_QUERY_FILTERS%20%3D%20%7B%0A%20%20%20%20%20%20%22user%22%3A%20user_filter%2C%0A%20%20%20%20%20%20%22role%22%3A%20role_filter%2C%0A%20%20%7D%0A%20%20%60%60%60%0A%0A-%20Restart%20Superset%20after%20changing%20superset_con fig.py.%0A-%20If%20you%20use%20FAB_ADD_SECURITY_API%2C%20note%20that%20user/role%20management%20endpoints%20%28/api/v1/security/users/%2C%20/api/v1/security/roles/%29%20are%20handled%20by%20Flask%20AppBuilder%20and%20ignore%20these%20filters.%20For%20tenant-based%20filtering%20there%2C%20subclass%20UserApi%20or%20RoleApi%2C%20override%20the%20list%20method%2C%20and%20register%20your%20subclass%20in%20FLASK_APP_MUTATOR%20%5Bexample%5D%28https%3A//github.com/apache/superset/discussions/33877%23discussioncomment-13679617%29.%0A%0AIf%20you%20still%20see%20all%20users/roles%2C%20double-check%20your%20filter%20logic%20and%20confirm%20the%20backend%20is%20calling%20your%20filter%20functions%20for%20the%20relevant%20dropdowns.%20Let%20me%20know%20if%20you%20want%20a%20more%20detailed%20example%20for%20your%20specific%20user/role%20schema.) [](https://go.dosu.dev/discord-bot) [![Share on X] (https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/37133) GitHub link: https://github.com/apache/superset/discussions/37133#discussioncomment-15498211 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
