dgarciabriseno commented on PR #36025: URL: https://github.com/apache/superset/pull/36025#issuecomment-3550042199
the task is all yours. I just wanted to add things I had to figure out on my own to the docs. Adding a preinstalled role takes all the guesswork out for sure. It should still be documented which capabilities are granted to the public role by default. for the bigger set of permissions, why does it need: - can_write on DashboardFilterStateRestApi - can_explore_json on Superset - can_sql_json on Superset I'm wondering why the public role should have any "write" permission, and I'm curious which features are enabled by allowing explore and sql (like are those just needed to be able to interact with the charts?) The others I think make sense and don't look harmful. Main thing I kind of hinted at about all these permissions is that it's not that clear how the permissions map to end user capabilities. They kind of make sense when you look at the superset API, but not so much when you're working in the app (like trying to figure out what you need for a public user). Sorry if formatting is bad, I'm replying to the github email. On November 18, 2025 6:26:19 PM UTC, Sam Firke ***@***.***> wrote: >sfirke left a comment (apache/superset#36025) > >@dgarciabriseno - I just discussed this in the monthly Documentation meeting and the consensus was to go farther and add a new role to Superset, so that admins can just assign it rather than having to create one based on the docs. The way we have Gamma and Alpha already extant in Superset, we'd have Public that way too. Probably with the set of permissions I posted above, unless there are ones you think should be removed. > >My question for you: would you like to take on that work? I don't mean to deprive you of the opportunity to contribute to Superset. Or, if this feels like more than you wanted to sign up for, I'm willing to do this myself. Just let me know! > >-- >Reply to this email directly or view it on GitHub: >https://github.com/apache/superset/pull/36025#issuecomment-3549017788 >You are receiving this because you were mentioned. > >Message ID: ***@***.***> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
