You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by "ivan-price-acted (via GitHub)" <gi...@apache.org> on 2023/04/17 07:20:37 UTC

[GitHub] [superset] ivan-price-acted commented on pull request #22642: fix(dashboard rbac): make a dashboard with no role assigned accessible only when PUBLISHED instead of DRAFT

ivan-price-acted commented on PR #22642:
URL: https://github.com/apache/superset/pull/22642#issuecomment-1510833345

   Hi there,
   
   Just discovered this 'feature' whilst testing for our organisation: the fact that (currently) Draft dashboards provide a window for unauthorised users onto data they wouldn't normally be allowed to see, (if no RBAC roles are assigned) if this PR merges than those same unauthorised users will see the data when the dashboards are published.
   
   I'm surprised we don't simply delete the line of code in question, i.e. be explicit in the RBAC rules that if we want a world-readable dashboard we assign a role that we know all users have ?
   
   Why do we assume no roles == everyone cas access the data ? It is very likely users creating dashboards will forget to publish or unpublish their dashboards and not assign any RBAC rules, and will not understand the implications in terms of who can access their data between the two states.
   
   As an administrator this presents a risk, trusting the users to do the right thing here (manage the draft / published AND the RBAC rules) is not realistic for us.
   
   Can we make a plea for removing line 1994
   
   ```
   or (dashboard.published and not dashboard.roles)
   ```
   
   completely, and require the user to add an explicit role instead ?
   
   -ivan
   
   
   
   
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org