dosubot[bot] commented on issue #36282: URL: https://github.com/apache/superset/issues/36282#issuecomment-3579358937
<!-- Answer --> In Superset 5.0.0, dashboards in draft status (i.e., not published) are only visible via the API if the user is an owner of those dashboards or has admin privileges. Permissions like `can_read` or `all_database_access` do not override this ownership check—non-owners will not see draft dashboards in the `/api/v1/dashboard` response, even with broad access rights. This filtering is handled by the DashboardAccessFilter, which restricts draft dashboard visibility for privacy and curation reasons [see code reference](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/dashboards/filters.py#L104-L194). To allow a user to list a draft dashboard, make sure they are added as an owner of that dashboard. There is no additional permission that will expose all drafts to non-owners via the API—this is by design [see Dashboard model](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/models/dashboard.py#L160-L220). Admin users can see all dashboards, including drafts. If you need broader access, consider updating dashboard ownership or using an admin account. Draft dashboards are omitted from the API response for non-owners, not returned with errors. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/758b7ff9-44f8-44c2-a92f-19e50985e0b5?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/758b7ff9-44f8-44c2-a92f-19e50985e0b5?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/758b7ff9-44f8-44c2-a92f-19e50985e0b5?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/758b7ff9-44f8-44c2-a92f-19e50985e0b5?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/758b7ff9-44f8-44c2-a92f-19e50985e0b5?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/758b7ff9-44f8-44c2-a92f-19e50985e0b5?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/758b7ff9-44f8-44c2-a92f-19e50985e0b5?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=In%20Superset%205.0.0%2C%20dashboards%20in%20draft%20status%20%28i.e.%2C%20not%20published%29%20are%20only%20visible%20via%20the%20API%20if%20the%20user%20is%20an%20owner%20of%20those%20dashboards%20or%20has%20admin%20privileges.%20Permissions%20like%20%60can_read%60%20or%20%60all_database_access%60%20do%20not%20override%20this%20ownership%20check%E2%80%94non-owners%20will%20not%20see%20draft%20dashboards%20in%20the%20%60/api/v1/dashboard%60%20response%2C%20even%20with%20broad%20access%20rights.%20This%20filtering%20is%20handled%20by%20the%20DashboardAccessFilter%2C%20which%20restricts%20draft%20dashboard%20visibility%20for%20privacy%20and%20curation%20reasons%C2%A0%5Bsee%20code%20reference%5D%28https%3A//github.com/apache/superset/blob/829e4d92d91 ceae4b43b1ed3b063ffe45377799c/superset/dashboards/filters.py%23L104-L194%29.%0A%0ATo%20allow%20a%20user%20to%20list%20a%20draft%20dashboard%2C%20make%20sure%20they%20are%20added%20as%20an%20owner%20of%20that%20dashboard.%20There%20is%20no%20additional%20permission%20that%20will%20expose%20all%20drafts%20to%20non-owners%20via%20the%20API%E2%80%94this%20is%20by%20design%C2%A0%5Bsee%20Dashboard%20model%5D%28https%3A//github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/models/dashboard.py%23L160-L220%29.%20Admin%20users%20can%20see%20all%20dashboards%2C%20including%20drafts.%0A%0AIf%20you%20need%20broader%20access%2C%20consider%20updating%20dashboard%20ownership%20or%20using%20an%20admin%20account.%20Draft%20dashboards%20are%20omitted%20from%20the%20API%20response%20for%20non-owners%2C%20not%20returned%20with%20errors.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/issues/36282) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
