Hi Matthew,
Thanks a lot for the link! Unfortunately I did not find the same
permissions on 3.0.1. It seems they have changed a bit. Playing with
them and trying to adapt to your example I have found a lot of
differences. And I did not get Dashboard only access.
I have found that "/can read on Charts/" is mandatory to show charts on
dashboards (makes sense...) but then on welcome page you have the option
to see the list and try to edit any of them. If you pick one you will
find that you cannot edit a chart because you do not have the
permissions (the intended effect as we are trying to allow you only to
see dashboards) And it is a bit misleading to users, when they only
should see dashboards.
If think that one solution could that "/can Dashboard on Superset/" or
similar might allow to see the charts you have the permission on their
data, as datasets. Or better even, welcome page should not offer any
chart list or options when you do not have permission to edit or write
charts.
DASHBOARD_RBAC is nice, but IMO when you have several groups with very
different permissions on data it is more likely to allow someone to see
some chart they should not, than it could happen fine tunning the
security of related datasets, etc.
Carlos
El 26/11/2023 a las 18:14, Matthew Mutee escribió:
I wrote a medium article on this sometime back. See if this is close to
what you are looking for.
Authorization in Apache Superset: Granular permissions at the dashboard
level | by Matthew Mutee | Medium
<https://urldefense.com/v3/__https://medium.com/@mmutiso/authorization-in-apache-superset-granular-permissions-at-the-dashboard-level-28d3adde3836__;!!D9dNQwwGXtA!SSmKFa-4Wpzrxsnsu_QCVQdebA8-Xxytq_QOApxsQKJFa3Gm4p1cE4_IpNDW7eEJR8rqzSDjJBY7fHQ$
>
Regards,
Matthew M. Mutiso
On Fri, 24 Nov 2023 at 21:00, Carlos Alonso Vega<los...@unavarra.es> wrote:
Hi Multazim,
Thanks a lot for your help. I have connected to the slack channel and
I am revising the slack thread about DASHBOARD_RBAC and checking it
against my conf.
In my case, I have a lot of different groups and roles and I have some
doubts about whether is better the RBAC approach or fine
tuning the security access from below (datasets, etc)
Thanks a lot
Carlos
El 24/11/2023 a las 4:07, multazim deshmukh escribió:
Hi Carlos,
IMO, it's doable with DASHBOARD_RBAC. We can chat further in Slack.
Please
join using
https://urldefense.com/v3/__http://bit.ly/join-superset-slack__;!!D9dNQwwGXtA!TdPHxRQXz6RYuQElfVqIzMfWDN9joeXF0mUliiRjx0MmMvxINjDBHeA7-fmmMoozwaWJi35qUV431XX-LQ$
On Fri, Nov 24, 2023 at 1:50 AM Carlos Alonso Vega<los...@unavarra.es>
wrote:
Hi,
For certain users I would like to restrict access to only dashboards
when entering to Superset. Playing with permissions I do no get to a
point that only Dashboards are available in the welcome page for these
users and nothing else.
Is it possible to show only Dashboards on welcome page or there is no
way to restrict access to charts on welcome page if user has access to
some dashboard that contains those charts?
TIA
Carlos
