You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2019/08/29 08:32:55 UTC

[GitHub] [incubator-superset] Giuzzilla edited a comment on issue #2731: Give users the rights to change their password

Giuzzilla edited a comment on issue #2731: Give users the rights to change their password
URL: https://github.com/apache/incubator-superset/issues/2731#issuecomment-526084006
 
 
   It's possible to make them see their own profile + see the password change button + allowing them to change their own password without allowing `can edit on UserDBModelView`, by enabling only these permissions:
   
   `can this form post on ResetMyPasswordView, 
   can this form get on ResetMyPasswordView, 
   can userinfo on UserDBModelView, 
   resetmypassword on UserDBModelView`
   
   Is there anything that I'm missing or a potential security issue with these enabled?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org