[I] Sync Columns from Source" returns 403 Access Denied despite having all required permissions Description [superset]

[via GitHub]

oliverbell-klv opened a new issue, #35960:
URL: https://github.com/apache/superset/issues/35960

   ### Bug description
   
   Superset Version: 4.1.1
   
   **Environment:**
   
   - ECS/Fargate deployment
   - PostgreSQL metadata database
   - Okta OAuth integration
   - Snowflake data source
   
   **Issue**
   The "Sync Columns from Source" feature consistently returns 403 Access 
Denied for all datasets, despite having all documented permissions in place.
   
   **Steps to Reproduce**
   1. Navigate to any dataset
   2. Click "Sync Columns from Source"
   3. Receive "Access is Denied" error
   
   **Expected Behavior**
   Column sync should work for users with appropriate permissions
   
   **Actual Behavior**
   - HTTP 403 response on /datasource/external_metadata_by_name/ endpoint
   - Generic error: {"message":"Access is Denied","severity":"danger"}
   - No detailed error in application logs
   
   Permissions Verified
   User has both Admin and Public roles with the following permissions 
confirmed in database:
   Admin role:
   
   - can_external_metadata on DatasourceModelView
   - can_external_metadata_by_name on DatasourceModelView
   - can_refresh on DatasetRestApi
   - can_read on DatasourceModelView
   
   Public role: (same permissions)
   
   
   Additional Context
   
   - User authentication via Okta OAuth works correctly
   - Database connections and queries work fine
   - Other admin functions work normally
   - Issue affects all datasets consistently
   - Fresh login sessions don't resolve the issue
   
   Configuration
   ```
   
   AUTH_TYPE = AUTH_OAUTH
   AUTH_ROLES_MAPPING = {
       "superset-admins": ["Admin"],
       # ... other mappings
   }
   AUTH_ROLES_SYNC_AT_LOGIN = True
   ```
   
   Has anyone encountered similar permission issues with the sync columns 
feature?
   
   ### Screenshots/recordings
   
   _No response_
   
   ### Superset version
   
   master / latest-dev
   
   ### Python version
   
   3.9
   
   ### Node version
   
   16
   
   ### Browser
   
   Chrome
   
   ### Additional context
   
   _No response_
   
   ### Checklist
   
   - [x] I have searched Superset docs and Slack and didn't find a solution to 
my problem.
   - [x] I have searched the GitHub issue tracker and didn't find a similar bug 
report.
   - [x] I have checked Superset's logs for errors and if I found a relevant 
Python stacktrace, I included it here as text in the "additional context" 
section.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org
For additional commands, e-mail: notifications-h...@superset.apache.org