GitHub user dosubot[bot] added a comment to the discussion: Use of Groups in version 6.0.0
<!-- Answer --> In Superset 6.0.0, groups are a core access control feature: they let you organize users and assign roles at the group level, making it much easier to manage permissions for multi-tenant setups. You can manage groups and their memberships via the UI or REST API, and permission checks now consider both user roles and group roles, enabling more scalable and granular access control for tenants and teams. Only admins can create, edit, or delete groups, and users must belong to at least one group or role. This structure is designed to streamline multi-tenant management and permission assignment across large organizations or deployments [source](https://github.com/apache/superset/issues/32116) [source](https://github.com/apache/superset/blob/master/superset/security/manager.py) [source](https://github.com/apache/superset-frontend/src/pages/GroupsList/index.tsx). For breaking changes in 6.0.0: the most relevant is the upgrade to Flask-AppBuilder 5.0.0, which removes the deprecated AUTH_OID authentication type. If you used OpenID, you’ll need to migrate to OAuth, LDAP, or database authentication before upgrading. This change impacts multi-tenant setups that relied on OpenID for authentication. Other breaking changes, like the removal of the CUSTOM_FONT_URLS config, are unrelated to multi-tenancy [source](https://github.com/apache/superset/pull/36745). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/73259006-5cfa-4060-9d58-c2fc4186b79e?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/73259006-5cfa-4060-9d58-c2fc4186b79e?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/73259006-5cfa-4060-9d58-c2fc4186b79e?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/73259006-5cfa-4060-9d58-c2fc4186b79e?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/73259006-5cfa-4060-9d58-c2fc4186b79e?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/73259006-5cfa-4060-9d58-c2fc4186b79e?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/73259006-5cfa-4060-9d58-c2fc4186b79e?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=In%20Superset%206.0.0%2C%20groups%20are%20a%20core%20access%20control%20feature%3A%20they%20let%20you%20organize%20users%20and%20assign%20roles%20at%20the%20group%20level%2C%20making%20it%20much%20easier%20to%20manage%20permissions%20for%20multi-tenant%20setups.%20You%20can%20manage%20groups%20and%20their%20memberships%20via%20the%20UI%20or%20REST%20API%2C%20and%20permission%20checks%20now%20consider%20both%20user%20roles%20and%20group%20roles%2C%20enabling%20more%20scalable%20and%20granular%20access%20control%20for%20tenants%20and%20teams.%20Only%20admins%20can%20create%2C%20edit%2C%20or%20delete%20groups%2C%20and%20users%20must%20belong%20to%20at%20least%20one%20group%20or%20role.%20This%20structure%20is%20designed%20to%20streamline%20multi-tenant%2 0management%20and%20permission%20assignment%20across%20large%20organizations%20or%20deployments%20%5Bsource%5D%28https%3A//github.com/apache/superset/issues/32116%29%20%5Bsource%5D%28https%3A//github.com/apache/superset/blob/master/superset/security/manager.py%29%20%5Bsource%5D%28https%3A//github.com/apache/superset-frontend/src/pages/GroupsList/index.tsx%29.%0A%0AFor%20breaking%20changes%20in%206.0.0%3A%20the%20most%20relevant%20is%20the%20upgrade%20to%20Flask-AppBuilder%205.0.0%2C%20which%20removes%20the%20deprecated%20AUTH_OID%20authentication%20type.%20If%20you%20used%20OpenID%2C%20you%E2%80%99ll%20need%20to%20migrate%20to%20OAuth%2C%20LDAP%2C%20or%20database%20authentication%20before%20upgrading.%20This%20change%20impacts%20multi-tenant%20setups%20that%20relied%20on%20OpenID%20for%20authentication.%20Other%20breaking%20changes%2C%20like%20the%20removal%20of%20the%20CUSTOM_FONT_URLS%20config%2C%20are%20unrelated%20to%20multi-tenancy%20%5Bsource%5D%28https%3A//github.com/apache/s uperset/pull/36745%29.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/36947) GitHub link: https://github.com/apache/superset/discussions/36947#discussioncomment-15432119 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
