Dev10-34 commented on PR #36764:
URL: https://github.com/apache/superset/pull/36764#issuecomment-3871422043

   > The screenshot shows the password change for the **current user**. I think if we need this feature we need a proper password reset flow with all the necessary stuff like emails.
   
   Not really. If I add some more users, then I can show the flow like this:
   Screenshot 1: 
   Logged in as Admin role
   <img width="1920" height="1020" alt="image" src="https://github.com/user-attachments/assets/c6b28794-253b-4b1f-b3fa-dc73ff640fe8" />
   
   Screenshot 2:
   Navigate to fab page for the same.
   <img width="1920" height="1020" alt="image" src="https://github.com/user-attachments/assets/7e14474a-550d-49ef-979b-4643dbe8ca34" />
   
   Screenshot 3:
   Show record for test1 user
   <img width="1920" height="1020" alt="image" src="https://github.com/user-attachments/assets/bf309008-bcd1-4229-9ad0-be8c6eaedcbd" />
   
   Screenshot 4:
   Navigate to /resetpassword endpoint which is going to pull up this page, allowing the admin to change the password as needed as well.
   <img width="1920" height="1020" alt="image" src="https://github.com/user-attachments/assets/3a0778e0-0679-4c30-a61c-6b9cbe809fa5" />
   
   This changing password feature is different from the password change initiated through user_info page/endpoint.
   Explained through screenshots flow again:
   
   Screenshot 1:
   The superset frontend page for user info:
   <img width="1920" height="1020" alt="image" src="https://github.com/user-attachments/assets/caf43086-82b4-48f7-9195-6665016d9092" />
   
   Screenshot 2:
   Corresponding fab page for the same:
   <img width="1920" height="1020" alt="image" src="https://github.com/user-attachments/assets/d7d37d75-94fb-4995-a0e3-9da7f1b26501" />
   
   Screenshot 3:
   Resetting the password for the current user:
   <img width="1920" height="1020" alt="image" src="https://github.com/user-attachments/assets/64ced3f0-657b-4f84-9b71-9dc57758b8a9" />
   
   Not sure if this was intentional for superset, but the out of the box support from fab allowed users to do this very easily. Allowing admin control for the same as well. There are related permissions to these as well, namely ResetPassword and ResetMyPassword, which are separate from each other. This allows creation of a separate account in superset, with a role completely dedicated to this as well. Organizations can choose to remove this from the admin control and assign this over to a different role as well, maintaining the granularity principle in superset.
   

