GitHub user dosubot[bot] added a comment to the discussion: New role configuration for a readonly role (with access to specific dashboards ONLY)
Yes, with `DASHBOARD_RBAC` enabled, you can assign your new role to those two specific dashboards, and users with that role will only see those dashboards. Here's how it works:

**How Dashboard RBAC works:**

When roles are assigned to a dashboard, it bypasses dataset-level permission checks and implicitly grants read access to all charts and associated datasets on that dashboard. If no roles are assigned to a dashboard, regular dataset-level permissions apply as a fallback [[1]](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/dashboards/filters.py#L106-L109).

**Minimum permissions for your restricted read-only role:**

- `can read` on **Dashboard**
- `can read` on **Chart**
- `can read` on **CurrentUserRestApi** ⚠️ *Often missed — without it users get a black screen with "Something went wrong"*
- `can explore` on **Superset**
- `can explore_json` on **Superset**
- `can log` on **Superset**
- `can time range` on **Api** (if dashboards use time filters)
- `can read` on **Dataset**
- `can list` on **Dataset**
- `can get` on **Dataset**
- `can read` on **Database**
- `can list` on **Database**
- `can get` on **Database**
- `can read` on **Theme** (if dashboards use themes — without it, users get 403 errors and infinite loading) [[2]](https://github.com/apache/superset/pull/38384) [[3]](https://github.com/apache/superset/discussions/39023)

**Do NOT grant** `all_datasource_access` — users access data through the dashboard context instead.

**Steps to set it up:**

1. Create the role with the permissions above
2. Make sure the two dashboards are marked as **published** (required for RBAC checks to work) [[4]](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/manager.py#L2425-L2429)
3. In each dashboard's settings, assign your new role — this can indeed be done via the API (`PUT /api/v1/dashboard/{id}` with the `roles` field)
4. Map the role in your `AUTH_ROLES_MAPPING` for the relevant Zitadel users

Once the role is assigned to a dashboard, only users with that role (plus admins) will see it in the dashboard list and be able to access it.

GitHub link: https://github.com/apache/superset/discussions/40701#discussioncomment-17160724
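An audit of the setup described in the comment above, as an added example that is not part of the original comment or of Superset's code. The input shapes are assumptions: grants as `(permission, resource)` pairs and each dashboard as a dict with `published` and `roles` keys; the role name and sample data are constructed.

```python
# Added example (not Superset code): check a role and a dashboard against
# the comment's least-privilege list. Input shapes are assumptions.
BASE = [
    ("can read", "Dashboard"), ("can read", "Chart"),
    ("can read", "CurrentUserRestApi"), ("can explore", "Superset"),
    ("can explore_json", "Superset"), ("can log", "Superset"),
    ("can read", "Dataset"), ("can list", "Dataset"), ("can get", "Dataset"),
    ("can read", "Database"), ("can list", "Database"), ("can get", "Database"),
]
TIME_FILTER = [("can time range", "Api")]   # only if dashboards use time filters
THEME = [("can read", "Theme")]             # only if dashboards use themes
FORBIDDEN = {"all_datasource_access"}       # the comment says not to grant this

def _norm(perm, resource):
    # "can read" and "can_read" are treated as the same permission name.
    return perm.strip().lower().replace(" ", "_"), resource.strip()

def audit_role(grants, time_filters=False, themes=False):
    """Return missing, forbidden and extra grants for a read-only role."""
    have = {_norm(p, r) for p, r in grants}
    wanted = BASE + (TIME_FILTER if time_filters else []) + (THEME if themes else [])
    need = {_norm(p, r) for p, r in wanted}
    forbidden = sorted(g for g in have if g[0] in FORBIDDEN)
    return {
        "missing": sorted(need - have),
        "forbidden": forbidden,
        "extra": sorted(have - need - set(forbidden)),
    }

def audit_dashboard(dash, role_name):
    """Flag dashboard states in which the role restriction would not hold."""
    findings = []
    if not dash.get("published"):
        findings.append("not published (required for RBAC checks)")
    names = {r["name"] for r in dash.get("roles", [])}
    if not names:
        findings.append("no roles assigned: dataset-level permissions apply")
    elif role_name not in names:
        findings.append(f"role {role_name!r} not assigned")
    return findings

if __name__ == "__main__":
    # Constructed sample: one required grant missing, one forbidden, one extra.
    grants = [g for g in BASE if g[1] != "CurrentUserRestApi"]
    grants += [("all_datasource_access", "all_datasource_access"),
               ("can_write", "Dashboard")]
    print(audit_role(grants, themes=True))
    print(audit_dashboard({"published": False, "roles": []}, "DashViewer"))
```
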
