Ilya0527 commented on issue #40225: URL: https://github.com/apache/superset/issues/40225#issuecomment-4483356322
That clarifies the 6.1.0 contract — MCP_DEV_USERNAME is the only supported path, and per-request JWT→user mapping lands later. The follow-on for multi-tenant deployments: every MCP tool call now executes as that single delegated account, which collapses row-level security, dataset permissions, and the audit trail to one principal. Is there a recommended pattern for limiting blast radius — a dedicated `mcp_service` role with narrowed schema/database grants — or is the expectation that operators only enable MCP in single-tenant setups until access-token support arrives? Two things that would help 6.1.0 users immediately: documenting the minimum FAB roles MCP_DEV_USERNAME needs for `health_check` to pass (Public + Gamma seems under-privileged), and whether per-request identity in the next release will arrive via ASGI middleware on the FastMCP mount or a Flask→ASGI bridge. That structural choice determines how external IdPs like Keycloak plug in, so even a rough direction would help downstream integrators plan.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
