GitHub user dosubot[bot] added a comment to the discussion: Login redirection
does not use subpath prefix
<!-- Answer -->
For fully public access (no login, no tokens — anyone with the link can view),
you need to configure the **Public role** approach. Add the following to your
`superset_config.py`:
```python
# Enable anonymous/public access
AUTH_ROLE_PUBLIC = "Public"
PUBLIC_ROLE_LIKE = "Public"
# Feature flags
FEATURE_FLAGS = {
"EMBEDDED_SUPERSET": True, # If you also want iframe embedding
"EMBEDDABLE_CHARTS": True, # For chart embedding
}
```
[[1]](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/config.py#L350)
[[2]](https://github.com/apache/superset/pull/36548)
**Setup steps after configuration:**
1. Run `superset init` to sync the Public role permissions
[[3]](https://github.com/apache/superset/discussions/37660)
2. Make sure your dashboards are set to **Published** (not Draft)
[[4]](https://github.com/apache/superset/discussions/31949)
3. **Grant the Public role access to each dashboard** — edit the dashboard →
add "Public" to its roles
4. **Grant the Public role access to the underlying datasets** — this is
separate from dashboard access and often missed
[[2]](https://github.com/apache/superset/pull/36548)
**If you also want to embed via iframe**, add CSP configuration to allow your
embedding domain:
```python
TALISMAN_CONFIG = {
"content_security_policy": {
"frame-ancestors": ["'self'", "*.your-domain.com"],
},
}
```
Then use an iframe with the `?standalone=1` parameter to hide the Superset
navigation:
```html
<iframe
src="https://localhost/analytics/superset/dashboard/YOUR_DASHBOARD_ID/?standalone=1";
width="100%"
height="800"
frameBorder="0"
></iframe>
```
[[4]](https://github.com/apache/superset/discussions/31949)
**Important notes:**
- `PUBLIC_ROLE_LIKE = "Public"` uses secure read-only defaults. Using `"Gamma"`
instead would grant write/delete permissions, which is not recommended
[[2]](https://github.com/apache/superset/pull/36548)
- Manual edits to the Public role via the UI are not persistent — they get
overwritten on `superset init`. Always use `PUBLIC_ROLE_LIKE` in config instead
[[3]](https://github.com/apache/superset/discussions/37660)
- Since you're behind Traefik with `/analytics`, your iframe `src` should
include that prefix
<!-- Dosu Comment Footer -->
*To reply, just mention
[@dosu](https://go.dosu.dev/dosubot?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=reply-with-mention&utm_term=apache%2Fsuperset).*
---
Docs are dead. Just use
[Dosu](https://dosu.dev?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=static-docs-tagline&utm_term=apache%2Fsuperset).
[](https://app.dosu.dev/response-feedback?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=static-docs-feedback&utm_term=apache%2Fsuperset&message_id=f6d3ad14-7c90-4383-a581-810dc44c65d7)
[](https://github.dosu.com/apache/superset?utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=static-docs-ask-repo&utm_term=apache%2Fsuperset)
[](https://app.dosu.dev/signup?referrer=openSource&source=github-footer&utm_source=github&utm_medium=bot-comment&utm_campaign=github-comment-footer-20260415&utm_content=static-docs-share-team&utm_term=apache%2Fsuperset)
GitHub link:
https://github.com/apache/superset/discussions/40082#discussioncomment-17009290
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
