GitHub user dosubot[bot] added a comment to the discussion: Integration of graphs to website based on user roles
The "data source error" in embedded Superset dashboards is usually caused by missing or incorrect permissions, or by the frontend not sending the right context for permission checks.

To fix it:

1. **Check your frontend integration:** Make sure every chart request includes the correct `dashboardId` in its `form_data`. If this is missing, Superset can't enforce dataset-level permissions and will return a data source error. In React, you can inject it like:

   ```js
   import { useSelector } from 'react-redux';

   // Inside the component that builds the chart request:
   // read the current dashboard from the Redux store and attach its id to form_data.
   const dashboardInfo = useSelector(state => state.dashboardInfo);
   formData.dashboardId = dashboardInfo.id;
   ```

   [See details and fix](https://github.com/apache/superset/issues/32552)

2. **Review guest token scope:** When generating the guest token, ensure it's scoped only to the dashboard (not datasets or charts directly). The token should reference the dashboard ID and user info, not grant broad access.

3. **Lock down guest role permissions:** The role assigned to embedded users (by default, "Public" unless you set `GUEST_ROLE_NAME`) should not have `all_datasource_access` or explicit access to restricted datasets. For tighter control, create a dedicated guest role (e.g., `EmbedGuest`), grant only minimal permissions, and set `GUEST_ROLE_NAME = "EmbedGuest"` in your config. [Role setup guide](https://github.com/apache/superset/discussions/33674)

4. **If you still see errors:** Compare your guest role's permissions with the admin role in Superset's Security > List Roles, and ensure it has the necessary permissions for the relevant datasets and databases. Check Superset logs for permission-denied errors—they often specify exactly which permission is missing. [Permission troubleshooting](https://github.com/apache/superset/discussions/34353)

5. **Limitations:** Superset's embedded dashboards grant access to all charts on the dashboard, so dataset-level restrictions aren't strictly enforced in embedded mode. Unauthorized charts will show an "Access Denied" overlay, but won't be hidden entirely. If you need to hide them, you'll need custom frontend logic to detect and remove charts that fail to load due to access errors. [Known limitation](https://github.com/apache/superset/issues/33698)

Let me know if you need help with a specific configuration or code snippet!
GitHub link: https://github.com/apache/superset/discussions/36322#discussioncomment-15103339
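A pre-flight check for steps 2 and 3 of the comment above, as an added example that is not part of the original comment or of Superset's code: it builds a guest-token request scoped to one dashboard and audits both the request and the guest role for grants that widen access. The function names, the `{ permission, view }` pair format and all sample values are constructed for illustration; the request body shape (`user`, `resources`, `rls`) follows Superset's guest-token endpoint.

```javascript
// Added example: helper names and sample data are hypothetical.

// Build a guest-token request body scoped to exactly one dashboard.
function buildGuestTokenRequest(dashboardId, user, rls = []) {
  if (!dashboardId) throw new Error('dashboard id is required');
  return {
    user: { username: user.username, first_name: user.firstName, last_name: user.lastName },
    resources: [{ type: 'dashboard', id: dashboardId }],
    rls,
  };
}

// Return findings for anything that widens the token beyond the dashboards
// this site user is allowed to see (allowedDashboards comes from your own
// role-to-dashboard mapping).
function auditGuestTokenRequest(payload, allowedDashboards) {
  const findings = [];
  const resources = payload.resources || [];
  if (resources.length === 0) findings.push('no resources listed');
  for (const r of resources) {
    if (r.type !== 'dashboard') findings.push(`non-dashboard resource: ${r.type}`);
    else if (!allowedDashboards.includes(r.id)) findings.push(`dashboard not allowed: ${r.id}`);
  }
  if (!payload.user || !payload.user.username) findings.push('missing user info');
  return findings;
}

// Return guest-role grants that defeat dashboard scoping: all_datasource_access,
// or datasource_access on a dataset named in restrictedViews.
// `permissions` is a constructed list of { permission, view } pairs copied
// from Security > List Roles for the role named in GUEST_ROLE_NAME.
function auditGuestRole(permissions, restrictedViews) {
  return permissions
    .filter(p => p.permission === 'all_datasource_access' ||
      (p.permission === 'datasource_access' && restrictedViews.includes(p.view)))
    .map(p => `${p.permission} on ${p.view}`);
}

// Constructed sample role: two of these four grants should be flagged.
const sampleRole = [
  { permission: 'can_read', view: 'Dashboard' },
  { permission: 'all_datasource_access', view: 'all_datasource_access' },
  { permission: 'datasource_access', view: '[examples].[salaries](id:12)' },
  { permission: 'datasource_access', view: '[examples].[public_stats](id:3)' },
];
const sampleRestricted = ['[examples].[salaries](id:12)'];
console.log(auditGuestRole(sampleRole, sampleRestricted));
```

Run the request audit on the server that mints guest tokens, before the body is sent to Superset, so a widened request is rejected before a token is issued.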
