aminghadersohi commented on PR #40344: URL: https://github.com/apache/superset/pull/40344#issuecomment-4557787268
Thanks for the detailed staging report. After reviewing the tool files and comparing against `LogRestApi` (the existing REST API for action logs in `superset/views/log/api.py`): - `LogRestApi` uses `class_permission_name = "Log"` + `can_read` for its GET endpoints (`get` and `get_list`) - The MCP tools (`list_action_logs` and `get_action_log_info`) use the same `class_permission_name="Log"`, which is consistent and correct for OSS Superset Action log access is intentionally admin-only in OSS — `can_read on Log` is the right guard. No OSS code change is needed here. The fix is in Preset's shell: add `can_read on Log` to the workspace admin role mapping so it matches what the standard Superset Admin role has. The `list_tasks` / `get_task_info` tools work because those use a different permission class (e.g. `ReportSchedule` or similar) that is already in the workspace admin role. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
