Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2019/05/21 04:03:16 UTC

[GitHub] [incubator-superset] srggrs opened a new issue #7563: User profile navigation

srggrs opened a new issue #7563: User profile navigation
URL: https://github.com/apache/incubator-superset/issues/7563
 
 
   **Is your feature request related to a problem? Please describe.**
   Users can see the profile of other users (especially the admin and therefore their activity, e.g. created content and favourites)
   
   Steps to reproduce:
   1 - Create a user with restricted roles (e.g. gamma) and role access on a single table (see bottom for my user permissions, which are more restrictive than gamma, for details).
   
   2 - The created user ("test") has a restriction on a single table (see below).
   ![user-test](https://user-images.githubusercontent.com/34258464/58067367-6a661600-7bd0-11e9-808a-277b1a19dbd9.png)
   
   3 - That table was created by the admin user (which has an admin role), and the test user can click on the "admin admin" under "changed by" and see the profile of the admin.
   ![image](https://user-images.githubusercontent.com/34258464/58067447-a9946700-7bd0-11e9-805a-9299270fb37b.png)
   
   **Describe the solution you'd like**
   In theory the other users shouldn't be able to see the activity of other users, unless there is a role that would grant that. So I'd like to have this implemented to ensure privacy in the users' activities.
   
   **Additional details**
   Test user created with role test_role with the following permissions:
   `[can this form post on ResetMyPasswordView, can this form get on ResetMyPasswordView, can userinfo on UserDBModelView, resetmypassword on UserDBModelView, can query on Api, can list on TableModelView, menu access on Tables, menu access on Sources, can show on DatabaseView, can list on DatabaseView, can show on DatabaseAsync, can list on DatabaseAsync, can show on DatabaseTablesAsync, can list on DatabaseTablesAsync, can delete on SliceModelView, can add on SliceModelView, can list on SliceModelView, menu access on Charts, can show on SliceAsync, can list on SliceAsync, can delete on SliceAddView, can add on SliceAddView, can show on SliceAddView, can download on SliceAddView, can list on SliceAddView, can delete on DashboardModelView, can add on DashboardModelView, can list on DashboardModelView, can download dashboards on DashboardModelView, menu access on Dashboards, can delete on DashboardModelViewAsync, can list on DashboardModelViewAsync, can delete on DashboardAddView, can add on DashboardAddView, can download on DashboardAddView, can list on DashboardAddView, can fave slices on Superset, can profile on Superset, can explore json on Superset, can add slices on Superset, can select star on Superset, can checkbox on Superset, can results on Superset, can datasources on Superset, can explore on Superset, can slice json on Superset, can explorev2 on Superset, can save dash on Superset, can table on Superset, can fave dashboards on Superset, can tables on Superset, can stop query on Superset, can created slices on Superset, can request access on Superset, can slice on Superset, can filter on Superset, can csrf token on Superset, can created dashboards on Superset, can slice query on Superset, can dashboard on Superset, can show on CssTemplateModelView, can list on CssTemplateModelView, can list on CssTemplateAsyncModelView, can download on QueryView, can list on QueryView, can new on Dashboard, can save on Datasource]`
   and table permission:
   `[datasource access on [testdb].[DataProd](id:4)]`
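
The rule requested in the issue (own profile visible, other users' profiles only with an explicit grant), sketched as an added example that is not Superset's code. It parses the permission-list format shown above; the `can profile others` permission name and both function names are hypothetical, and treating `can profile on Superset` as the gate for the profile page is an assumption.

```python
# Abridged subset of the test_role permissions listed in the issue.
ROLE_PERMS = (
    "`[can userinfo on UserDBModelView, can list on TableModelView, "
    "can profile on Superset, can explore on Superset, "
    "can dashboard on Superset]`"
)

# Hypothetical extra permission, invented here for illustration only.
VIEW_OTHERS = ("can profile others", "Superset")


def parse_permissions(text):
    """Parse '[<permission> on <view>, ...]' into a set of (permission, view)."""
    body = text.strip().strip("`").strip()
    if body.startswith("[") and body.endswith("]"):
        body = body[1:-1]  # drop only the outer list brackets
    pairs = set()
    for item in body.split(","):
        item = item.strip()
        if not item:
            continue
        # Split on the first " on " so view names such as
        # "[testdb].[DataProd](id:4)" are kept whole.
        perm, sep, view = item.partition(" on ")
        if not sep or not perm or not view:
            raise ValueError(f"not a '<permission> on <view>' entry: {item!r}")
        pairs.add((perm.strip(), view.strip()))
    return pairs


def may_view_profile(viewer, target, perms):
    """Own profile needs 'can profile'; another user's needs the extra grant."""
    if ("can profile", "Superset") not in perms:
        return False  # no access to the profile page at all
    if viewer == target:
        return True   # a user may always see their own activity
    return VIEW_OTHERS in perms  # deny by default for other users


if __name__ == "__main__":
    perms = parse_permissions(ROLE_PERMS)
    for target in ("test", "admin"):
        print("test ->", target, may_view_profile("test", target, perms))
```
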
   
   
