GitHub user boomrollkick created a discussion: Impersonate functionality
## Problem Statement Superset’s permission model is powerful but multi-layered (database → schema → dataset → chart → dashboard → feature access). In practice, this makes it difficult for admins to validate what a non-admin user can actually see. Currently: - Admin users bypass most permission checks - There is no way to “view as user” or “preview permissions as role” - Admins must create test users, log in/out repeatedly, or temporarily modify real users’ roles to debug access issues This becomes especially painful when: - Debugging “user can’t see dashboard X” issues - Validating least-privilege access before assigning roles - Managing many datasets and dashboards across teams (education, healthcare, finance, etc.) --- ## Proposed Feature Introduce an **Admin-only permission preview mode**, such as: ### Option A: “View as User” - Temporarily emulate a specific user’s permissions - Read-only by default - Session-scoped with a clear banner indicator (e.g. “Viewing as: userX”) - One-click exit back to admin context ### Option B: “Preview as Role” - Preview Superset UI and object visibility using the permissions of a selected role - Avoids identity impersonation concerns - Covers most permission-debugging use cases Either option would significantly improve: - Permission troubleshooting - Security validation - Admin confidence when granting access --- ## Non-Goals / Safety Considerations - No write actions while impersonating - No cross-user data mutation - Admin-only capability - Explicit visual indicator while in preview mode --- ## Why This Matters Other tools (e.g. Grafana, ServiceNow, many IAM systems) offer some form of impersonation or role preview, which makes access control auditable and debuggable. In Superset, the lack of this feature often leads to: - Over-granting permissions “just to make it work” - Trial-and-error role changes - Increased admin overhead A preview capability would directly support Superset’s security and governance goals. --- ## Happy to Contribute I’m happy to: - help refine the scope - test a prototype - or provide feedback from real-world usage Curious to hear maintainers’ thoughts on feasibility and preferred direction (user vs role preview). GitHub link: https://github.com/apache/superset/discussions/37705 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
