You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by "nicolas-gaillard (via GitHub)" <gi...@apache.org> on 2023/06/09 13:54:46 UTC

[GitHub] [superset] nicolas-gaillard commented on issue #22640: Dashboard RBAC access doesn't conform to documentation (and access permission exposes a possible security risk)

nicolas-gaillard commented on issue #22640:
URL: https://github.com/apache/superset/issues/22640#issuecomment-1584616148

   hi, is there any new information on this issue? (whether it's the feature flag not working as expected, or the fact that with the RBAC flag, an unpublished dashboard without a role is accessible using the "Public" role).
   
   Totally agree with @ivan-price-acted, it looks like a serious potential security issue...


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org