GitHub user dosubot[bot] added a comment to the discussion: public permalink
<!-- Answer --> For public dashboard permalink access, the Public role needs these permissions: `can_dashboard_permalink` on Superset, `can_read` on Dashboard, Chart, DashboardPermalinkRestApi, DashboardFilterStateRestApi, Annotation, AnnotationLayerRestApi, ExplorePermalinkRestApi, EmbeddedDashboard, CssTemplate, and Datasource (plus `can_get` and `can_external_metadata` on Datasource), as well as `can_dashboard`, `can_slice`, `can_explore_json`, `can_time_range`, `can_query_form_data`, and `can_query` on Api. The Public role must also have explicit access to the dashboard itself and to all datasets and databases used by the dashboard’s charts—otherwise, anonymous users will be redirected to login when using the permalink. Avoid granting all_datasource_access or all_database_access to Public for security reasons [see the official permission list](https://github.com/apache/superset/pull/36548). These permissions must be set persistently (using PUBLIC_ROLE_LIKE and superset init); manual changes in the UI are not reliable. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/1b575ff6-1686-42b0-9bdb-8763b84be7f5?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/1b575ff6-1686-42b0-9bdb-8763b84be7f5?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/1b575ff6-1686-42b0-9bdb-8763b84be7f5?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/1b575ff6-1686-42b0-9bdb-8763b84be7f5?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/1b575ff6-1686-42b0-9bdb-8763b84be7f5?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/1b575ff6-1686-42b0-9bdb-8763b84be7f5?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/1b575ff6-1686-42b0-9bdb-8763b84be7f5?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=For%20public%20dashboard%20permalink%20access%2C%20the%20Public%20role%20needs%20these%20permissions%3A%20%60can_dashboard_permalink%60%20on%20Superset%2C%20%60can_read%60%20on%20Dashboard%2C%20Chart%2C%20DashboardPermalinkRestApi%2C%20DashboardFilterStateRestApi%2C%20Annotation%2C%20AnnotationLayerRestApi%2C%20ExplorePermalinkRestApi%2C%20EmbeddedDashboard%2C%20CssTemplate%2C%20and%20Datasource%20%28plus%20%60can_get%60%20and%20%60can_external_metadata%60%20on%20Datasource%29%2C%20as%20well%20as%20%60can_dashboard%60%2C%20%60can_slice%60%2C%20%60can_explore_json%60%2C%20%60can_time_range%60%2C%20%60can_query_form_data%60%2C%20and%20%60can_query%60%20on%20Api.%20The%20Public%20role%20must%20also%20have%20explicit%20access%20to%20the%20dashboard%20itse lf%20and%20to%20all%20datasets%20and%20databases%20used%20by%20the%20dashboard%E2%80%99s%20charts%E2%80%94otherwise%2C%20anonymous%20users%20will%20be%20redirected%20to%20login%20when%20using%20the%20permalink.%20Avoid%20granting%20all_datasource_access%20or%20all_database_access%20to%20Public%20for%20security%20reasons%C2%A0%5Bsee%20the%20official%20permission%20list%5D%28https%3A//github.com/apache/superset/pull/36548%29.%0A%0AThese%20permissions%20must%20be%20set%20persistently%20%28using%20PUBLIC_ROLE_LIKE%20and%20superset%20init%29%3B%20manual%20changes%20in%20the%20UI%20are%20not%20reliable.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/37660) GitHub link: https://github.com/apache/superset/discussions/37660#discussioncomment-15693313 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
