GitHub user dosubot[bot] added a comment to the discussion: public permalink
<!-- Answer --> That's expected: setting AUTH_ROLE_PUBLIC = "gamma" works because the Gamma role has more permissions by default, so anonymous users can view dashboards. The Public role, on the other hand, is usually empty unless you set PUBLIC_ROLE_LIKE (for example, to "Gamma") and run superset init—this copies the necessary permissions to the Public role. Without this, anonymous users assigned to the Public role will always be redirected to login, even if you manually add permissions in the UI, because those changes aren't persistent and get overwritten on init or upgrade. The recommended and secure way is to use AUTH_ROLE_PUBLIC = "Public", set PUBLIC_ROLE_LIKE = "Gamma" (or another role with the right permissions), run superset init, and then explicitly grant dataset access as needed [details](https://github.com/apache/superset/discussions/37641) [docs](https://github.com/apache/superset/blob/master/docs/docs/security/security.mdx). Using Gamma directly for AUTH_ROLE_PUBLIC is not recommended for security, since Gamma has more permissions than you typically want to expose to anonymous users [see discussion](https://github.com/apache/superset/pull/36025). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/11c76478-5edd-4e0e-a1a0-fe112c126f9e?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/11c76478-5edd-4e0e-a1a0-fe112c126f9e?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/11c76478-5edd-4e0e-a1a0-fe112c126f9e?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/11c76478-5edd-4e0e-a1a0-fe112c126f9e?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/11c76478-5edd-4e0e-a1a0-fe112c126f9e?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/11c76478-5edd-4e0e-a1a0-fe112c126f9e?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/11c76478-5edd-4e0e-a1a0-fe112c126f9e?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=That%27s%20expected%3A%20setting%20AUTH_ROLE_PUBLIC%20%3D%20%22gamma%22%20works%20because%20the%20Gamma%20role%20has%20more%20permissions%20by%20default%2C%20so%20anonymous%20users%20can%20view%20dashboards.%20The%20Public%20role%2C%20on%20the%20other%20hand%2C%20is%20usually%20empty%20unless%20you%20set%20PUBLIC_ROLE_LIKE%20%28for%20example%2C%20to%20%22Gamma%22%29%20and%20run%20superset%20init%E2%80%94this%20copies%20the%20necessary%20permissions%20to%20the%20Public%20role.%20Without%20this%2C%20anonymous%20users%20assigned%20to%20the%20Public%20role%20will%20always%20be%20redirected%20to%20login%2C%20even%20if%20you%20manually%20add%20permissions%20in%20the%20UI%2C%20because%20those%20changes%20aren%27t%20persistent%20and%20get%20overwritten%20on%2 0init%20or%20upgrade.%20The%20recommended%20and%20secure%20way%20is%20to%20use%20AUTH_ROLE_PUBLIC%20%3D%20%22Public%22%2C%20set%20PUBLIC_ROLE_LIKE%20%3D%20%22Gamma%22%20%28or%20another%20role%20with%20the%20right%20permissions%29%2C%20run%20superset%20init%2C%20and%20then%20explicitly%20grant%20dataset%20access%20as%20needed%C2%A0%5Bdetails%5D%28https%3A//github.com/apache/superset/discussions/37641%29%C2%A0%5Bdocs%5D%28https%3A//github.com/apache/superset/blob/master/docs/docs/security/security.mdx%29.%20%0A%0AUsing%20Gamma%20directly%20for%20AUTH_ROLE_PUBLIC%20is%20not%20recommended%20for%20security%2C%20since%20Gamma%20has%20more%20permissions%20than%20you%20typically%20want%20to%20expose%20to%20anonymous%20users%C2%A0%5Bsee%20discussion%5D%28https%3A//github.com/apache/superset/pull/36025%29.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/37660) GitHub link: https://github.com/apache/superset/discussions/37660#discussioncomment-15693231 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
