dosubot[bot] commented on issue #36377: URL: https://github.com/apache/superset/issues/36377#issuecomment-3601380965
<!-- Answer --> There isn't a built-in way to hide the chart action menu (3-dots) in embedded dashboards using iframe embedding or the `standalone` parameter. The menu's visibility is controlled by frontend logic and user permissions, not by embedding context or URL parameters. To achieve a true read-only embedded dashboard (with chart actions hidden), you need to use the Embedded SDK with guest tokens and configure a custom read-only role via the `GUEST_ROLE_NAME` setting in `superset_config.py` [reference](https://github.com/apache/superset/discussions/35943). Here's how you can do it: 1. Create a custom role with only read permissions (start from the Gamma role and remove any permissions that allow editing, like `can_explore`) [reference](https://github.com/apache/superset/issues/28172). 2. Set `GUEST_ROLE_NAME` to your custom role in `superset_config.py` and restart Superset [reference](https://github.com/apache/superset/discussions/35670). 3. Use the Embedded SDK to embed your dashboard and authenticate with a guest token. The SDK also supports UI options like `hideTitle`, `hideTab`, and `hideChartControls` for further customization [reference](https://github.com/apache/superset/discussions/33034). Loading a dashboard in an iframe without a guest token logs the user in as an anonymous user, so chart actions remain visible. There is no configuration to automatically treat iframe users as guest users or to hide the chart action menu without the guest token mechanism [reference](https://github.com/apache/superset/discussions/35943). CSS workarounds exist but are not recommended, as they don't remove permissions and may cause layout issues [reference](https://github.com/apache/superset/issues/28141). For more details, see these discussions: - [How to disable Edit Chart in embedded dashboards](https://github.com/apache/superset/issues/28172) - [Guest token embedding and permissions](https://github.com/apache/superset/discussions/35670) - [Why iframe embedding doesn't enforce read-only](https://github.com/apache/superset/discussions/35943) <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/051f10e0-1fb1-472e-8290-baa11cca8f90?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/051f10e0-1fb1-472e-8290-baa11cca8f90?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/051f10e0-1fb1-472e-8290-baa11cca8f90?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/051f10e0-1fb1-472e-8290-baa11cca8f90?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/051f10e0-1fb1-472e-8290-baa11cca8f90?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/051f10e0-1fb1-472e-8290-baa11cca8f90?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/051f10e0-1fb1-472e-8290-baa11cca8f90?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=There%20isn%27t%20a%20built-in%20way%20to%20hide%20the%20chart%20action%20menu%20%283-dots%29%20in%20embedded%20dashboards%20using%20iframe%20embedding%20or%20the%20%60standalone%60%20parameter.%20The%20menu%27s%20visibility%20is%20controlled%20by%20frontend%20logic%20and%20user%20permissions%2C%20not%20by%20embedding%20context%20or%20URL%20parameters.%20To%20achieve%20a%20true%20read-only%20embedded%20dashboard%20%28with%20chart%20actions%20hidden%29%2C%20you%20need%20to%20use%20the%20Embedded%20SDK%20with%20guest%20tokens%20and%20configure%20a%20custom%20read-only%20role%20via%20the%20%60GUEST_ROLE_NAME%60%20setting%20in%20%60superset_config.py%60%C2%A0%5Breference%5D%28https%3A//github.com/apache/superset/discussions/35943%29.%0A%0AHere%27s%20ho w%20you%20can%20do%20it%3A%0A1.%20Create%20a%20custom%20role%20with%20only%20read%20permissions%20%28start%20from%20the%20Gamma%20role%20and%20remove%20any%20permissions%20that%20allow%20editing%2C%20like%20%60can_explore%60%29%C2%A0%5Breference%5D%28https%3A//github.com/apache/superset/issues/28172%29.%0A2.%20Set%20%60GUEST_ROLE_NAME%60%20to%20your%20custom%20role%20in%20%60superset_config.py%60%20and%20restart%20Superset%C2%A0%5Breference%5D%28https%3A//github.com/apache/superset/discussions/35670%29.%0A3.%20Use%20the%20Embedded%20SDK%20to%20embed%20your%20dashboard%20and%20authenticate%20with%20a%20guest%20token.%20The%20SDK%20also%20supports%20UI%20options%20like%20%60hideTitle%60%2C%20%60hideTab%60%2C%20and%20%60hideChartControls%60%20for%20further%20customization%C2%A0%5Breference%5D%28https%3A//github.com/apache/superset/discussions/33034%29.%0A%0ALoading%20a%20dashboard%20in%20an%20iframe%20without%20a%20guest%20token%20logs%20the%20user%20in%20as%20an%20anonymous%20user%2C% 20so%20chart%20actions%20remain%20visible.%20There%20is%20no%20configuration%20to%20automatically%20treat%20iframe%20users%20as%20guest%20users%20or%20to%20hide%20the%20chart%20action%20menu%20without%20the%20guest%20token%20mechanism%C2%A0%5Breference%5D%28https%3A//github.com/apache/superset/discussions/35943%29.%0A%0ACSS%20workarounds%20exist%20but%20are%20not%20recommended%2C%20as%20they%20don%27t%20remove%20permissions%20and%20may%20cause%20layout%20issues%C2%A0%5Breference%5D%28https%3A//github.com/apache/superset/issues/28141%29.%0A%0AFor%20more%20details%2C%20see%20these%20discussions%3A%0A-%20%5BHow%20to%20disable%20Edit%20Chart%20in%20embedded%20dashboards%5D%28https%3A//github.com/apache/superset/issues/28172%29%0A-%20%5BGuest%20token%20embedding%20and%20permissions%5D%28https%3A//github.com/apache/superset/discussions/35670%29%0A-%20%5BWhy%20iframe%20embedding%20doesn%27t%20enforce%20read-only%5D%28https%3A//github.com/apache/superset/discussions/35943%29) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/issues/36377) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
