dosubot[bot] commented on issue #37294: URL: https://github.com/apache/superset/issues/37294#issuecomment-3774710431
This happens because when you assign a theme to a dashboard in Superset 6.0.0 with DASHBOARD_RBAC enabled, the system checks if the viewing user (including unauthenticated/public users) has the `can read Theme` permission. If the Public role doesn't have this permission, unauthenticated users are redirected to the login page instead of seeing the dashboard. Removing the theme or granting `can read Theme` to the Public role restores public access.

This is consistent with how Superset handles permissions for related objects—missing read/list/show permissions on things like datasets, charts, or themes can block access for readonly or public roles and trigger login redirects. The built-in Public role is intended to have only minimal, safe permissions, and `can read Theme` is not always included by default, especially for custom or database-stored themes. There isn't official documentation listing this permission as required for public dashboards, but community reports confirm that adding it resolves the issue when themes are assigned.

To fix this, add the `can read Theme` permission to the Public role. Be aware that permissions for the Public role may be reset on upgrades or restarts, so you may need to reapply this change if you update Superset in the future. For more details on the Public role and permission model, see the [built-in Public role PR](https://github.com/apache/superset/pull/36548).

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
