dosubot[bot] commented on issue #31637: URL: https://github.com/apache/superset/issues/31637#issuecomment-2564317816
<!-- Answer --> To restrict dataset access to a specific role, such as `power_user`, in Apache Superset, while ensuring that other roles like `Admin` and `Gamma` cannot access it, you can follow these steps: 1. **Create a New Role**: First, create a new role named `power_user` by navigating to Menu -> Security -> List Roles and clicking the + sign. 2. **Assign Permissions**: In the new role creation window, give this new role a name (`power_user`), attribute it to users, and select the specific tables or datasets in the **Permissions** dropdown that you want this role to have access to. 3. **Restrict Access for Other Roles**: Ensure that the `Admin` and `Gamma` roles do not have permissions to access the specific datasets. Since `Admin` users have all possible rights by default, you may need to manage this by ensuring that only users with the `power_user` role are assigned to access the specific datasets. 4. **Confirm Access**: Verify that users assigned to the `power_user` role can see the objects (dashboards and slices) associated with the datasets you have extended to them, and that users with `Admin` and `Gamma` roles do not have access to these datasets. This approach leverages the role-based access control system in Superset to manage dataset access effectively <sup>[[1]](https://github.com/apache/superset/blob/master/docs/docs/security/security.mdx)</sup>. Regarding Row Level Security (RLS), it can be used to apply filters to queries based on user roles, but it is not typically used to restrict access to entire datasets based on roles. Instead, RLS is more suited for filtering data within a dataset based on conditions related to roles <sup>[[2]](https://github.com/apache/superset/blob/master/tests/integration_tests/security/row_level_security_tests.py)</sup>. <!-- Dosu Comment Footer --> *To continue talking to [Dosu](https://dosu.dev), mention @dosu.* --- <sup>Help Dosu learn! Give it feedback: [Great Response](https://app.dosu.dev/response-feedback/e9c32083-6c7f-421a-99ab-32850437dcf3?feedback_type=great_response) | [Irrelevant Answer](https://app.dosu.dev/response-feedback/e9c32083-6c7f-421a-99ab-32850437dcf3?feedback_type=irrelevant_answer) | [Incorrect Sources](https://app.dosu.dev/response-feedback/e9c32083-6c7f-421a-99ab-32850437dcf3?feedback_type=incorrect_sources) | [Too Verbose](https://app.dosu.dev/response-feedback/e9c32083-6c7f-421a-99ab-32850437dcf3?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/e9c32083-6c7f-421a-99ab-32850437dcf3?feedback_type=hallucination) | [Other](https://app.dosu.dev/response-feedback/e9c32083-6c7f-421a-99ab-32850437dcf3?feedback_type=other)</sup> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org
