GitHub user dosubot[bot] added a comment to the discussion: Granting 
permissions to datasets created in SQL Lab

Hi @fabrue! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the 
superset team.

This is a **known issue** in Superset's permission model. Here's what's 
happening:

**(1) Yes, explicit permission grants are currently required.** While dataset creators are automatically assigned as owners, [ownership doesn't guarantee visibility](https://github.com/apache/superset/discussions/33308#discussioncomment-13016992) in the Datasets list. The automatic `datasource access on` permission assignment often fails, which is why your user can create datasets but can't see them.

The `can get or create dataset Dataset` permission only allows creation—[it doesn't automatically grant visibility](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/datasets/api.py#L111).

**(2) Best practices for granting permissions:**

- **Granular approach**: After each dataset is created, a super admin manually grants `datasource access on [dataset_name]` to the user's role. [Regular users cannot assign these permissions themselves](https://github.com/apache/superset/discussions/32878#discussioncomment-12640366).

- **Broader access (easier to manage)**: Grant `schema_access` or `database_access` permissions to the user's custom role. This avoids per-dataset permission management—users would automatically see all datasets within that schema/database.

- **Use configuration-based approaches**: Manual role permission changes can be [overwritten when running `superset init`](https://github.com/apache/superset/discussions/37660), so consider managing permissions via `superset_config.py` where possible.

For a self-service workflow with Gamma users, the practical choice is often 
granting broader schema or database-level access rather than managing 
individual dataset permissions.



GitHub link: 
https://github.com/apache/superset/discussions/38250#discussioncomment-15925618
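
An added example (not part of the Dosu comment and not Superset code) that models the three grant levels discussed above on a constructed inventory: it lists datasets their owners cannot see and shows which other users' datasets each candidate grant would newly expose. The visibility rule, the underscore spelling `datasource_access`, the grant target strings and every user, role and dataset name are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Dataset:
    name: str
    schema: str
    database: str
    owner: str

# Constructed inventory, roles and grants; none of this comes from a real deployment.
DATASETS = [
    Dataset("sales_q1", "analytics", "warehouse", "fabrue"),
    Dataset("sales_q2", "analytics", "warehouse", "fabrue"),
    Dataset("churn_model", "analytics", "warehouse", "ds_team"),
    Dataset("payroll", "hr", "warehouse", "hr_admin"),
]
ROLE_GRANTS = {  # role -> {(permission, target)}
    "self_service": {("datasource_access", "sales_q1")},
    "ds_role": {("datasource_access", "churn_model")},
    "hr_role": {("schema_access", "warehouse.hr")},
}
USER_ROLES = {"fabrue": ["self_service"], "ds_team": ["ds_role"], "hr_admin": ["hr_role"]}

def grants_for(user):
    """Union of the grants held by all of the user's roles."""
    return set().union(*(ROLE_GRANTS.get(r, set()) for r in USER_ROLES.get(user, [])))

def can_see(grants, ds):
    """Assumed rule: a dataset, schema or database grant each makes the dataset visible."""
    return bool(grants & {
        ("datasource_access", ds.name),
        ("schema_access", f"{ds.database}.{ds.schema}"),
        ("database_access", ds.database),
    })

def invisible_to_owner():
    """Datasets whose owner holds no covering grant (ownership alone is not enough)."""
    return [d.name for d in DATASETS if not can_see(grants_for(d.owner), d)]

def exposure(user, extra_grant):
    """Datasets owned by others that become newly visible if extra_grant is added."""
    before, after = grants_for(user), grants_for(user) | {extra_grant}
    return [d.name for d in DATASETS
            if d.owner != user and can_see(after, d) and not can_see(before, d)]

if __name__ == "__main__":
    print("invisible to owner:", invisible_to_owner())
    for g in [("datasource_access", "sales_q2"), ("schema_access", "warehouse.analytics"),
              ("database_access", "warehouse")]:
        print(g, "->", exposure("fabrue", g))
```

Running the same comparison against a real role export before choosing the schema or database level shows what else a self-service role would gain beyond the user's own datasets.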
