Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/07/22 19:50:38 UTC

[GitHub] [superset] imanollew opened a new issue #15844: Giving a user access to a specific dashboard enables that user to see other datasources

imanollew opened a new issue #15844:
URL: https://github.com/apache/superset/issues/15844


   Giving a user (role gamma) access to a specific dashboard enables that user to see other datasources. For example, if user1 has access to dashboard1 (which uses datasource1 and datasource2), that user will have access to every datasource in my environment.
   ### Expected results
   
   what you expected to happen.
   User1 shouldn't be able to use every datasource in my environment just because admin gave him the role to see a specific dashboard. User1 should be able to only use the datasources in the dashboard "dashboard1".
   ### Actual results
   User1 is able to use any datasource, even if they are not being used in the dashboard "dashboard1".
   
   
   
   #### How to reproduce the bug
   
   0. Have a dashboard -dash1- with 2 charts on it. Both charts are using different datasources.
   1. Create a new user and give this user the default role "Gamma".
   2. Enable the flag in config.py for letting dashboards be only visible to those with a specific role.   ("DASHBOARD_RBAC": True)
   3. Create an empty role, which will be used to grant access to the dashboard "dash1", for example "access_dashboard1".
   4. Make the dashboard be only visible to those with the role "access_dashboard1".
   5. Assign the role "access_dashboard1" to this new gamma user.
   
   Now he can access every datasource in the environment.
   
   ### Environment
   
   - superset version: 1.2
   - python version: Python 3.7.11
   - node.js version: v12.22.2
   
   ### Checklist
   
   Make sure to follow these steps before submitting your issue - thank you!
   
   - [yes] I have checked the superset logs for python stacktraces and included it here as text if there are any.
   - [yes] I have reproduced the issue with at least the latest released version of superset.
   - [yes] I have checked the issue tracker for the same issue and I haven't found one similar.
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org


[GitHub] [superset] amitmiran137 commented on issue #15844: Giving a user access to a specific dashboard enables that user to see other datasources

Posted by GitBox <gi...@apache.org>.
amitmiran137 commented on issue #15844:
URL: https://github.com/apache/superset/issues/15844#issuecomment-1001021562


   Thank you for reporting!!
   
   Does that user have any database/schema/data source permissions in any of his other roles?
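
The check asked about in the comment above, as an added example that is not part of the original thread and not Superset's own code: it lists every data-access permission a user's roles carry and the datasources those grants reach beyond the dashboards the user's roles can open. The permission names are Superset's; the role contents, the `legacy_analyst` role, the `payroll` datasource, the `hr_db` database and the simplified permission targets are constructed assumptions.

```python
# Added example; role, dashboard and datasource data below is constructed.
# Permission names are Superset's; targets are simplified (assumption).
GRANT_ALL = {"all_datasource_access", "all_database_access"}
SCOPED = {"datasource_access", "database_access", "schema_access"}

def data_grants(user_roles, role_perms):
    """Every (role, permission, target) data-access grant the user holds."""
    return sorted((role, perm, target)
                  for role in user_roles
                  for perm, target in role_perms.get(role, [])
                  if perm in GRANT_ALL | SCOPED)

def excess_datasources(user_roles, role_perms, dashboards, datasources):
    """Datasources granted by roles but used by no dashboard the user can open."""
    expected = set()
    for dash in dashboards.values():
        if dash["roles"] & set(user_roles):
            expected |= dash["datasources"]
    granted = set()
    for _role, perm, target in data_grants(user_roles, role_perms):
        if perm in GRANT_ALL:
            granted |= set(datasources)
        elif perm == "datasource_access":
            granted.add(target)
        else:  # database_access or schema_access: match on that attribute
            key = "database" if perm == "database_access" else "schema"
            granted |= {n for n, m in datasources.items() if m[key] == target}
    return granted - expected

DATASOURCES = {  # constructed
    "datasource1": {"database": "examples", "schema": "public"},
    "datasource2": {"database": "examples", "schema": "public"},
    "payroll": {"database": "hr_db", "schema": "finance"},
}
DASHBOARDS = {"dash1": {"roles": {"access_dashboard1"},
                        "datasources": {"datasource1", "datasource2"}}}
ROLE_PERMS = {  # constructed
    "Gamma": [("can_read", "Dashboard"), ("can_read", "Chart")],
    "access_dashboard1": [],
    "legacy_analyst": [("database_access", "hr_db")],
}

if __name__ == "__main__":
    for roles in (["Gamma", "access_dashboard1"],
                  ["Gamma", "access_dashboard1", "legacy_analyst"]):
        print(roles, data_grants(roles, ROLE_PERMS),
              excess_datasources(roles, ROLE_PERMS, DASHBOARDS, DATASOURCES))
```

If both results are empty for a user who can still query other datasources, the role configuration is not the source of the extra access.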

