You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/09/01 01:12:02 UTC

[GitHub] [superset] kamalkeshavani-aiinside opened a new issue #16537: [dashboard] Other user can access draft dashboard

kamalkeshavani-aiinside opened a new issue #16537:
URL: https://github.com/apache/superset/issues/16537


   With DASHBOARD_RBAC disabled, if a user has access to required data sources then he/she can also access the unpublished dashboards created from those sources.
   
   ### Expected results
   
   Draft dashboards should be accessible to only Owners and Admin.
   
   ### Actual results
   
   Draft dashboard is accessible to other users.
   
   #### Screenshots
   
   If applicable, add screenshots to help explain your problem.
   
   #### How to reproduce the bug
   
   1. User A has access to sample dataset covid_vaccine.
   2. User B creates a new dashboard from covid_vaccine dataset, but later changes publish status to draft to update.
   3. User A can still access the draft dashboard with the url.
   4. Similarly user A can access such draft dashboards with url, even if they are never published.
   
   ### Environment
   
   (please complete the following information):
   
   - superset version: `1.3.0`
   - python version: `3.7`
   - node.js version: `14.15.5`
   - any feature flags active:
   
   ### Checklist
   
   Make sure to follow these steps before submitting your issue - thank you!
   
   - [x] I have checked the superset logs for python stacktraces and included it here as text if there are any.
   - [x] I have reproduced the issue with at least the latest released version of superset.
   - [x] I have checked the issue tracker for the same issue and I haven't found one similar.
   
   ### Additional context
   
   Note: I think this is not expected behavior, so reporting as bug instead of feature request.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org