dashboard permission #1799

Closed
ujhujuh opened this issue Dec 8, 2016 · 17 comments
Labels
enhancement:request Enhancement request submitted by anyone from the community inactive Inactive for >= 30 days

Comments

@ujhujuh

ujhujuh commented Dec 8, 2016

Make sure these boxes are checked before submitting your issue - thank you!

  • [ ok] I have checked the superset logs for python stacktraces and included it here as text if any
  • [ ok] I have reproduced the issue with at least the latest released version of superset
  • [ ok] I have checked the issue tracker for the same issue and I haven't found one similar

Now dashboard permissions are based on database and datasource to control, I would like to control the permissions on the dashboard alone, like that:

a
b

Superset version

14.1

Expected results

succeed

Actual results

succeed

Steps to reproduce

New feature.

@ujhujuh
Author

ujhujuh commented Dec 8, 2016

@fangyeqing this is not ps, this is a good screenshot of my local changes.

@xrmx
Contributor

xrmx commented Dec 8, 2016

If actual results and expected results are the same how is this an issue? :) On a more serious level I find it difficult to understand what you mean here. Do you mean that having permission on a dashboard should suffice to see all the slices in it?

@ujhujuh
Author

ujhujuh commented Dec 8, 2016

@xrmx
for example:
roles: role1, role2
dashboards: dashboard1,dashboard2,dashboard3,dashboard4
role1 wants to access dashboard1, dashboard2
role2 wants to access dashboard3, dashboard4

how to do?
now, I modified some of the content and can get what I want
a
I think the dashboard permission is necessary!

@xrmx
Contributor

xrmx commented Dec 8, 2016

Ok, now I sort of see what you meant, correct me if I'm wrong: you don't want to give access to every dashboard to roles that have the dashboard datasource permission, you want to grant permission to each dashboard manually.

BTW, why did you open an issue and not a pull request if you already have code implementing what you need?

@ujhujuh
Author

ujhujuh commented Dec 9, 2016

@xrmx okay, I will pull a request

@xrmx xrmx added the enhancement:request Enhancement request submitted by anyone from the community label Dec 9, 2016
@bkyryliuk
Member

@ujhujuh - it would be great to understand the plan in a bit more detail, as dashboard access becomes a bit tricky:

  • If a user has access to the dashboard, can he explore the slices that belong to the dashboard?
  • If a user has access to the dashboard, can he explore the datasources that are backing that dashboard?
  • If a user has access to the dashboard, can he apply filters to the dashboard?
  • If a user has access to the dashboard, can he make a copy of the dashboard and modify the copy?
  • What happens if the dashboard access gets revoked?

Could you also please describe the business use case?
I would love to learn more about it.

@jaredpiedt

@bkyryliuk we have an external partner that we would like to share a dashboard with, but we don't want them to see our internal dashboards in the dashboard list. We can limit their access to datasources so that if they click on the dashboard link, they won't be able to see anything. However, it would be super useful if we could prevent them from even seeing the link in the dashboard list. Correct me if I'm wrong, but I don't believe this is currently possible.

@pawan-kv

pawan-kv commented Feb 6, 2017

Is the "dashboard permission" feature added to superset??

@roshanhadal

I am facing the exact issue and want this feature desperately. I will explain my real use case which is also a classic example, and I hope this gives more clarity on the issue.

I have a global revenue dashboard which only CXOs should see. But we also need to have region specific dashboards (like APAC, US, EMEA) which respective region heads need to see for:

  1. Business Reasons - Not everyone should have access to company level data
  2. User Experience - APAC head will be interested only in APAC. S/he should not be clicking and be filtering multiple times to see her/his region numbers.

The problem I am facing to implement the above:
I can create different slices and dashboards per region, but I am not able to restrict the user at dashboard level. I tried to duplicate the data source (as I can apply access control at data source level) but Superset doesn't allow that (error pasted below). A particular database and table (in my case a simple MySql DB) cannot be configured twice. Even if this is allowed (with an alias or something equivalent or by removing the unique constraint), then it will solve my above use case as I can restrict the data at query level itself. OR if permission can be created for every dashboard, then it will be simpler as I don't have to duplicate the data source and it will be more intuitive from a role management perspective.

(raised as a result of Query-invoked autoflush; consider using a session.no_autoflush block if this flush is occurring prematurely) (sqlite3.IntegrityError) UNIQUE constraint failed: tables.table_name [SQL: u'INSERT INTO tables (created_on, changed_on, table_name, main_dttm_col, description, default_endpoint, database_id, is_featured, filter_select_enabled, user_id, "offset", cache_timeout, schema, sql, params, perm, changed_by_fk, created_by_fk) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'] [parameters: ('2017-04-05 06:49:10.289235', '2017-04-05 06:49:10.289251', u'revenue_dashboard', None, None, None, 13, 0, 0, None, 0, None, u'report', None, None, None, 3, 3)]

@fufjvnvnf

fufjvnvnf commented Jun 6, 2017

I don't think this change does anything. Even if you remove the dashboard permission from the role the role's actual permission does not change, meaning that once all_datasource and can_dashboard permission are granted, the role can already view the dashboards without being granted the newly introduced specific per dashboard permission. Dashboard access check still needs to be implemented.
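
The gap described in the comment above, as an added example that is not part of the thread or of Superset's code: a per-dashboard grant only restricts anything if both the detail view and the dashboard list consult it. The permission name `dashboard_access`, the `Role` model and all function names are hypothetical; the role and dashboard names are the ones used earlier in the thread.

```python
from dataclasses import dataclass

# "all_datasource" and "can_dashboard" are the names used in the comment above.
# "dashboard_access" and every function name here are hypothetical.
PER_DASHBOARD = "dashboard_access"

@dataclass(frozen=True)
class Role:
    name: str
    grants: frozenset  # (permission, target) pairs; target is None for global grants

def _granted(roles, permission, target=None):
    return any((permission, target) in r.grants for r in roles)

def can_view_unenforced(roles, slug):
    """Gap described above: the per-dashboard grant exists but is never consulted."""
    return _granted(roles, "can_dashboard") and _granted(roles, "all_datasource")

def can_view_enforced(roles, slug):
    """Deny by default: global grants plus a grant for this exact dashboard."""
    return can_view_unenforced(roles, slug) and _granted(roles, PER_DASHBOARD, slug)

def visible_dashboards(roles, slugs, check):
    """Filter the list with the same predicate as the detail view, so a
    dashboard the user cannot open is not linked in the list either."""
    return [s for s in slugs if check(roles, s)]

def revoke(role, slug):
    """Return a copy of the role without the per-dashboard grant for slug."""
    return Role(role.name, role.grants - {(PER_DASHBOARD, slug)})

# Constructed sample data mirroring the role1/role2 example in the thread.
BASE = {("can_dashboard", None), ("all_datasource", None)}
ROLE1 = Role("role1", frozenset(BASE | {(PER_DASHBOARD, "dashboard1"), (PER_DASHBOARD, "dashboard2")}))
ROLE2 = Role("role2", frozenset(BASE | {(PER_DASHBOARD, "dashboard3"), (PER_DASHBOARD, "dashboard4")}))
ALL = ["dashboard1", "dashboard2", "dashboard3", "dashboard4"]

if __name__ == "__main__":
    print("unenforced:", visible_dashboards([ROLE1], ALL, can_view_unenforced))
    print("enforced:  ", visible_dashboards([ROLE1], ALL, can_view_enforced))
    print("after revoke:", visible_dashboards([revoke(ROLE1, "dashboard1")], ALL, can_view_enforced))
```

Because the check runs on every request rather than being cached at grant time, removing the grant takes effect on the next list or view call.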

@SpyderRivera
Contributor

Has this been fixed?

@yamyamyuo
Contributor

@ujhujuh did you pull request your feature? I am looking forward to using this feature.

@nihalbtq8

@ujhujuh How did you go on about doing this? Can you direct me roughly how to make a Custom Permission?

@stale

stale bot commented Apr 10, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue .pinned to prevent stale bot from closing the issue.

@stale stale bot added the inactive Inactive for >= 30 days label Apr 10, 2019
@stale stale bot closed this as completed Apr 17, 2019
@starsunny

@ujhujuh @nihalbtq8 @yamyamyuo
Guys can you please tell me the file path where I need to make these changes, I am using release--0.32 version.

@ujhujuh
Author

ujhujuh commented Aug 27, 2019 via email

@starsunny

starsunny commented Aug 27, 2019

@ujhujuh I can't see this feature. Can you tell me the file path?
I have 100+ dashboards in the superset, and what I want is to hide a few specific dashboards from all users.
Or you can give me the pull request.
And you have mentioned that the superset version is 14.1, but I don't think superset has such a version.
