GitHub user NicoMovh created a discussion: Allow assigning a Group to a 
dashboard's access list

With user Groups now in superset, it's still not possible to grant a *group* 
access to a dashboard. Dashboard access remains role-only.

For SSO deployments where team membership is expressed as groups (LDAP/OIDC), 
this means you can't share a dashboard with a group without a stand-in role per 
group which reintroduces exactly the per-role overhead that groups were meant 
to remove.

Could the group → dashboard binding be delivered mirroring the existing role 
mechanism? Adding a `dashboard_groups` association parallel to 
`dashboard_roles` with the `DASHBOARD_RBAC` flag.

This is really just the "Viewer" slice of the Subject model that was already
designed in [#28021](https://github.com/apache/superset/issues/28021) (SIP-126, 
now closed) and re-proposed in the 
[#32116](https://github.com/apache/superset/issues/32116) (SIP-156, closed too) 
thread where a dashboard's access list would accept a User, Group, or Role, and 
DASHBOARD_RBAC roles would be migrated into Viewers. Rather than waiting on 
that full Subject/Viewer migration (now under 
[#28377](https://github.com/apache/superset/issues/28377, SIP-131), could just 
the Group-as-Viewer part land incrementally on top of the groups that already 
shipped?

This Discussion is asking specifically whether the dashboard-group case can be 
delivered on top of
the groups that is already available, rather than waiting on a full redesign.


GitHub link: https://github.com/apache/superset/discussions/41684

----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: 
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to