GitHub user dosubot[bot] added a comment to the discussion: public permalink
<!-- Answer --> Public (anonymous) access via dashboard permalink is still supported in Superset, but it requires specific configurationâespecially with DASHBOARD_RBAC enabled. You must set both `AUTH_ROLE_PUBLIC = "Public"` and `PUBLIC_ROLE_LIKE = "Public"` (or `"Gamma"`) in your config. Without `PUBLIC_ROLE_LIKE`, the Public role will be empty after `superset init`, and anonymous users will always be redirected to login, even if you manually assign permissions in the UI. After updating these settings, run `superset init` and restart Superset for changes to take effect [[source](https://github.com/apache/superset/discussions/37641)]. The Public role must be assigned to the dashboard and have the following permissions for each relevant dataset/database: `database_access`, `schema_access`, `datasource_access`, `all_datasource_access`, `all_database_access`, and `all_query_access` [[source](https://github.com/apache/superset/blob/master/superset/security/manager.py)]. You can assign these permissions in the UI, but using `PUBLIC_ROLE_LIKE` simplifies setup by copying permissions from another role during initialization. For embedding dashboards, you have two main options: (1) a public direct link (anyone with the link can access), or (2) using the Embedded SDK with guest tokens for more controlled access. The Embedded/Guest Token approach is recommended for secure, granular control, but public permalink access remains available if configured correctly [[source](https://github.com/apache/superset/pull/30032)]. **Checklist for public dashboard access:** 1. Set `AUTH_ROLE_PUBLIC` and `PUBLIC_ROLE_LIKE` in your config. 2. Run `superset init` and restart Superset. 3. Assign the Public role to the dashboard and grant it the required dataset/database permissions. 4. Ensure the dashboard is published and DASHBOARD_RBAC is enabled. If you follow these steps and still get redirected to login, double-check that the Public role has all necessary permissions and is assigned to the dashboard. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/3e9f32a9-ce35-4258-8d46-731e62c39155?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/3e9f32a9-ce35-4258-8d46-731e62c39155?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/3e9f32a9-ce35-4258-8d46-731e62c39155?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/3e9f32a9-ce35-4258-8d46-731e62c39155?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/3e9f32a9-ce35-4258-8d46-731e62c39155?feedback_type=hallucination) | [Report đ](https://app.dosu.dev/response-feedback/3e9f32a9-ce35-4258-8d46-731e62c39155?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/3e9f32a9-ce35-4258-8d46-731e62c39155?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=Public%20%28anonymous%29%20access%20via%20dashboard%20permalink%20is%20still%20supported%20in%20Superset%2C%20but%20it%20requires%20specific%20configuration%E2%80%94especially%20with%20DASHBOARD_RBAC%20enabled.%20You%20must%20set%20both%20%60AUTH_ROLE_PUBLIC%20%3D%20%22Public%22%60%20and%20%60PUBLIC_ROLE_LIKE%20%3D%20%22Public%22%60%20%28or%20%60%22Gamma%22%60%29%20in%20your%20config.%20Without%20%60PUBLIC_ROLE_LIKE%60%2C%20the%20Public%20role%20will%20be%20empty%20after%20%60superset%20init%60%2C%20and%20anonymous%20users%20will%20always%20be%20redirected%20to%20login%2C%20even%20if%20you%20manually%20assign%20permissions%20in%20the%20UI.%20After%20updating%20these%20settings%2C%20run%20%60superset%20init%60%20and%20restart%20Superset%20for%20changes %20to%20take%20effect%20%5B%5Bsource%5D%28https%3A//github.com/apache/superset/discussions/37641%29%5D.%0A%0AThe%20Public%20role%20must%20be%20assigned%20to%20the%20dashboard%20and%20have%20the%20following%20permissions%20for%20each%20relevant%20dataset/database%3A%20%60database_access%60%2C%20%60schema_access%60%2C%20%60datasource_access%60%2C%20%60all_datasource_access%60%2C%20%60all_database_access%60%2C%20and%20%60all_query_access%60%20%5B%5Bsource%5D%28https%3A//github.com/apache/superset/blob/master/superset/security/manager.py%29%5D.%20You%20can%20assign%20these%20permissions%20in%20the%20UI%2C%20but%20using%20%60PUBLIC_ROLE_LIKE%60%20simplifies%20setup%20by%20copying%20permissions%20from%20another%20role%20during%20initialization.%0A%0AFor%20embedding%20dashboards%2C%20you%20have%20two%20main%20options%3A%20%281%29%20a%20public%20direct%20link%20%28anyone%20with%20the%20link%20can%20access%29%2C%20or%20%282%29%20using%20the%20Embedded%20SDK%20with%20guest%20tokens%20for%20mo re%20controlled%20access.%20The%20Embedded/Guest%20Token%20approach%20is%20recommended%20for%20secure%2C%20granular%20control%2C%20but%20public%20permalink%20access%20remains%20available%20if%20configured%20correctly%20%5B%5Bsource%5D%28https%3A//github.com/apache/superset/pull/30032%29%5D.%0A%0A%2A%2AChecklist%20for%20public%20dashboard%20access%3A%2A%2A%0A1.%20Set%20%60AUTH_ROLE_PUBLIC%60%20and%20%60PUBLIC_ROLE_LIKE%60%20in%20your%20config.%0A2.%20Run%20%60superset%20init%60%20and%20restart%20Superset.%0A3.%20Assign%20the%20Public%20role%20to%20the%20dashboard%20and%20grant%20it%20the%20required%20dataset/database%20permissions.%0A4.%20Ensure%20the%20dashboard%20is%20published%20and%20DASHBOARD_RBAC%20is%20enabled.%0A%0AIf%20you%20follow%20these%20steps%20and%20still%20get%20redirected%20to%20login%2C%20double-check%20that%20the%20Public%20role%20has%20all%20necessary%20permissions%20and%20is%20assigned%20to%20the%20dashboard.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/37660) GitHub link: https://github.com/apache/superset/discussions/37660#discussioncomment-15691832 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
