graceguo-supercat commented on pull request #11755: URL: https://github.com/apache/incubator-superset/pull/11755#issuecomment-740423010
It's good that users only see dataset list from they `owned`, and can only overwrite dataset that he `owned`. But there is a `can_access_all_datasources` permission: Users with `can_access_all_datasources` can add anyone as owner of a dataset. For these users, they can still overwrite others dataset (after they add them as dataset owners). Can you confirm this is expected behavior? There is no extra protection in `can_access_all_datasources` users? Thanks @hughhhh! ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
