GitHub user MG-mondal created a discussion: Allow some users/roles to export PDF reports for specific dashboards
## Summary Today in Apache Superset, export/download permissions (e.g., for reports/exports) are mainly role-based/global. I’d like to request the ability to **allow PDF report export for some dashboards but not others**, even for the same user/role. ## Motivation / Use case We have multiple dashboards with different datasets and different sensitivity levels: - Some dashboards are OK to export as PDF and share externally (e.g., weekly business updates) - Other dashboards must be view-only in the UI (no PDF export), even if a user can access them ## Why this matters Even when dashboards are accessible, export to PDF can increase data leakage risk. Organizations often need to keep certain dashboards “view-only” while permitting PDF export for others. Right now, it’s difficult to express “User/Role X can export PDF for Dashboard A, but not for Dashboard B”. ## Current behavior - If a user has access to the dashboard and the report/export capability via their role, they can export PDF for all dashboards they can access. - There is no obvious way to scope PDF export permission at the dashboard level (unless I’m missing something) for a given user. ## Expected behavior - Role/User X: `can export pdf` on Dashboard A ✅ - Role/User X: `can export pdf` on Dashboard B ❌ while still allowing view access to both dashboards. ## Environment - Superset version: **4.1.1** - Deployment: (Docker/K8s/VM) [fill in] - Auth: (e.g., LDAP/OIDC/DB) [fill in] - Reports: (built-in Reports / Celery / Selenium) [fill in if relevant] ## Question Is this already possible in newer versions (or via an existing permission/feature flag) and I’m just missing it? If so, I’d love pointers to the recommended approach. ## Acceptance criteria (suggested) - Ability to grant/deny PDF export for a dashboard at dashboard-level scope (RBAC) - Enforced server-side (not only hiding a button in the UI) - Clear admin UX for configuring the permission GitHub link: https://github.com/apache/superset/discussions/36976 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
