GitHub user dosubot[bot] added a comment to the discussion: How to create a sub-admin role that can manage users and roles but only see specific datasets?
<!-- Answer --> Superset dashboards can be restricted so users only see dashboards they own, and unpublished dashboards owned by others are hidden from them. This is enforced via ownership and publication status checks in the backend, and can be further controlled with the experimental DASHBOARD_RBAC feature flag for dashboard-level role-based access control ([source](https://github.com/apache/superset/blob/master/tests/integration_tests/dashboard_tests.py)). For charts, Superset tracks ownership and supports filtering by owner, creator, or favorite in the UI and API. However, chart visibility is not system-enforced by ownership alone—users with access to the underlying dataset can see all charts using that dataset unless you apply ownership filters in the UI or API queries ([source](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/charts/filters.py)). There is no global config or feature flag to restrict chart visibility strictly to their creators ([source](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/manager.py)). To achieve strict per-user visibility for both dashboards and charts, you would need to customize Superset’s backend and frontend to enforce ownership filters by default, or use RBAC for dashboards and dataset-level permissions for charts. Admins always have full visibility. Let me know if you want details on how to implement these customizations. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/c66617c9-4720-4278-b77e-7df099885bd4?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/c66617c9-4720-4278-b77e-7df099885bd4?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/c66617c9-4720-4278-b77e-7df099885bd4?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/c66617c9-4720-4278-b77e-7df099885bd4?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/c66617c9-4720-4278-b77e-7df099885bd4?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/c66617c9-4720-4278-b77e-7df099885bd4?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/c66617c9-4720-4278-b77e-7df099885bd4?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github)& nbsp;[](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/35772) GitHub link: https://github.com/apache/superset/discussions/35772#discussioncomment-14768785 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
