GitHub user dosubot[bot] added a comment to the discussion: issue in superset
using iframe
<!-- Answer -->
To hide the "Exit Full Screen" menu and prevent users from seeing options like
SQL Lab in embedded Superset dashboards, use the Embedded SDK with guest tokens
and a custom read-only role. This approach gives you fine-grained control over
which UI elements are visible and what actions users can take.
- The Embedded SDK's embedDashboard function supports a dashboardUiConfig
option. Setting hideChartControls: true will hide the chart action menu
(including the 3-dots menu) in the embedded dashboard UI. You can also hide the
title and tabs if needed. Example:
```js
embedDashboard({
id: "<dashboard_id>",
supersetDomain: "https://your-superset-domain.com";,
mountPoint: document.getElementById("superset-container"),
fetchGuestToken: () => fetch("/api/superset-token").then((res) => res.text()),
dashboardUiConfig: {
hideTitle: true,
hideTab: true,
hideChartControls: true, // Hides the 3-dots menu
filters: { visible: false, expanded: false },
},
});
```
- Create a custom read-only role in Superset with no permissions for SQL Lab,
editing, or exporting, and assign it as the guest role in your
superset_config.py.
- Enable EMBEDDED_SUPERSET and set up guest token authentication as described
in the SDK documentation.
Superset also recently added logic to hide the fullscreen option in embedded
dashboards, so if you use the Embedded SDK or the standalone=1 URL parameter,
the fullscreen menu should be hidden automatically in embedded contexts
([changelog](https://github.com/apache/superset/blob/master/superset-frontend/CHANGELOG.md#embedded-hide-dashboard-fullscreen-option-for-embedded-context-26412-494068b6325054be076e994ca06e01efdfe83aec)).
If you use only iframe embedding with standalone=1, some menus may still
appear, and permissions are not enforced as strictly. The SDK approach is the
recommended and secure way to control embedded dashboard UI
([details](https://github.com/apache/superset/issues/36377)).
Avoid using CSS to hide menu items, as this does not remove permissions and may
break with future updates
([discussion](https://github.com/apache/superset/discussions/36088)).
<!-- Dosu Comment Footer -->
*To reply, just mention [@dosu](https://go.dosu.dev/dosubot).*
---
<sup>How did I do?
[Good](https://app.dosu.dev/response-feedback/72cb5193-0e36-4911-8e0f-d61879594257?feedback_type=great_response)
|
[Irrelevant](https://app.dosu.dev/response-feedback/72cb5193-0e36-4911-8e0f-d61879594257?feedback_type=irrelevant_answer)
|
[Incorrect](https://app.dosu.dev/response-feedback/72cb5193-0e36-4911-8e0f-d61879594257?feedback_type=incorrect_sources)
|
[Verbose](https://app.dosu.dev/response-feedback/72cb5193-0e36-4911-8e0f-d61879594257?feedback_type=too_verbose)
|
[Hallucination](https://app.dosu.dev/response-feedback/72cb5193-0e36-4911-8e0f-d61879594257?feedback_type=hallucination)
| [Report
🐛](https://app.dosu.dev/response-feedback/72cb5193-0e36-4911-8e0f-d61879594257?feedback_type=bug_report)
|
[Other](https://app.dosu.dev/response-feedback/72cb5193-0e36-4911-8e0f-d61879594257?feedback_type=other)</sup>
[](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=To%20hide%20the%20%22Exit%20Full%20Screen%22%20menu%20and%20prevent%20users%20from%20seeing%20options%20like%20SQL%20Lab%20in%20embedded%20Superset%20dashboards%2C%20use%20the%20Embedded%20SDK%20with%20guest%20tokens%20and%20a%20custom%20read-only%20role.%20This%20approach%20gives%20you%20fine-grained%20control%20over%20which%20UI%20elements%20are%20visible%20and%20what%20actions%20users%20can%20take.%0A%0A-%20The%20Embedded%20SDK%27s%20embedDashboard%20function%20supports%20a%20dashboardUiConfig%20option.%20Setting%20hideChartControls%3A%20true%20will%20hide%20the%20chart%20action%20menu%20%28including%20the%203-dots%20menu%29%20in%20the%20embedded%20dashboard%20UI.%20You%20can%20also%20hide%20the%20title%20and%20tabs%20if%20needed.%20Example%3A%0A%0
A%60%60%60js%0AembedDashboard%28%7B%0A%20%20id%3A%20%22%3Cdashboard_id%3E%22%2C%0A%20%20supersetDomain%3A%20%22https%3A//your-superset-domain.com%22%2C%0A%20%20mountPoint%3A%20document.getElementById%28%22superset-container%22%29%2C%0A%20%20fetchGuestToken%3A%20%28%29%20%3D%3E%20fetch%28%22/api/superset-token%22%29.then%28%28res%29%20%3D%3E%20res.text%28%29%29%2C%0A%20%20dashboardUiConfig%3A%20%7B%0A%20%20%20%20hideTitle%3A%20true%2C%0A%20%20%20%20hideTab%3A%20true%2C%0A%20%20%20%20hideChartControls%3A%20true%2C%20//%20Hides%20the%203-dots%20menu%0A%20%20%20%20filters%3A%20%7B%20visible%3A%20false%2C%20expanded%3A%20false%20%7D%2C%0A%20%20%7D%2C%0A%7D%29%3B%0A%60%60%60%0A-%20Create%20a%20custom%20read-only%20role%20in%20Superset%20with%20no%20permissions%20for%20SQL%20Lab%2C%20editing%2C%20or%20exporting%2C%20and%20assign%20it%20as%20the%20guest%20role%20in%20your%20superset_config.py.%0A-%20Enable%20EMBEDDED_SUPERSET%20and%20set%20up%20guest%20token%20authentication%20as%20describe
d%20in%20the%20SDK%20documentation.%0A%0ASuperset%20also%20recently%20added%20logic%20to%20hide%20the%20fullscreen%20option%20in%20embedded%20dashboards%2C%20so%20if%20you%20use%20the%20Embedded%20SDK%20or%20the%20standalone%3D1%20URL%20parameter%2C%20the%20fullscreen%20menu%20should%20be%20hidden%20automatically%20in%20embedded%20contexts%C2%A0%28%5Bchangelog%5D%28https%3A//github.com/apache/superset/blob/master/superset-frontend/CHANGELOG.md%23embedded-hide-dashboard-fullscreen-option-for-embedded-context-26412-494068b6325054be076e994ca06e01efdfe83aec%29%29.%0A%0AIf%20you%20use%20only%20iframe%20embedding%20with%20standalone%3D1%2C%20some%20menus%20may%20still%20appear%2C%20and%20permissions%20are%20not%20enforced%20as%20strictly.%20The%20SDK%20approach%20is%20the%20recommended%20and%20secure%20way%20to%20control%20embedded%20dashboard%20UI%C2%A0%28%5Bdetails%5D%28https%3A//github.com/apache/superset/issues/36377%29%29.%0A%0AAvoid%20using%20CSS%20to%20hide%20menu%20items%2C%20as%2
0this%20does%20not%20remove%20permissions%20and%20may%20break%20with%20future%20updates%C2%A0%28%5Bdiscussion%5D%28https%3A//github.com/apache/superset/discussions/36088%29%29.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/36447)
GitHub link:
https://github.com/apache/superset/discussions/36447#discussioncomment-15186053
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
