You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/06/07 20:25:38 UTC

[GitHub] [superset] etadelta222 opened a new issue #15026: Permissions to limit user list for 'Owner', 'Created by' dropdown - Filters and Search

etadelta222 opened a new issue #15026:
URL: https://github.com/apache/superset/issues/15026


   Our organization has external users who have access to dashboards specifically designed for them. We are running an older version of superset and upgrading to the 1.1.0. In the new version the UI has filter and search capabilities on the dashboard page (referenced [here](https://docs.preset.io/docs/how-to-find-charts-and-dashboards)). 
   
   Even though user accessing the dashboard only has access to their dashboard, the dropdown list for 'Owners' and 'Created By' display ALL users. This is an issue since we don't want external users to be able to see other users.
   
   ![image](https://user-images.githubusercontent.com/19858818/121082751-8e432700-c7ac-11eb-9120-51cb903c9be9.png)
   
   
   Since we are restricting the user access to specific dashboards using roles and permissions, a new permission to limit the values in the drop downs would be ideal. 
   
   Current options:
   The values are being populated by calling the /dashboard/related/[column_name] API. We would have to pass in query parameter to only show current user OR based on user/role only show 'All' as default value OR hide 'Owners' and 'Created By'. 
   
   https://github.com/apache/superset/blob/74473e2ad1975150a6dc578d67aae05de5ba4b02/superset-frontend/src/views/CRUD/dashboard/DashboardList.tsx#L386
   
   I've asked about this in the Apache Superset Slack workspace and have not had any luck. Please let me know if I can provide any additional information.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] russmatney commented on issue #15026: Permissions to limit user list for 'Owner', 'Created by' dropdown - Filters and Search

Posted by GitBox <gi...@apache.org>.
russmatney commented on issue #15026:
URL: https://github.com/apache/superset/issues/15026#issuecomment-888492045


   This behavior is indeed the same in 1.2 - the dropdowns here expose all users to any other user that visits the dashboards list. This lack of control is unfortunate, as it prevents this feature (and features like it https://github.com/apache/superset/issues/15066) from being usable in a multi-tenant context (without forking/workarounds), where some groups of users and datasources should not be exposed to each other.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] etadelta222 commented on issue #15026: Permissions to limit user list for 'Owner', 'Created by' dropdown - Filters and Search

Posted by GitBox <gi...@apache.org>.
etadelta222 commented on issue #15026:
URL: https://github.com/apache/superset/issues/15026#issuecomment-885881955


   Just wanted to check if 1.2 addresses this.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] etadelta222 commented on issue #15026: Permissions to limit user list for 'Owner', 'Created by' dropdown - Filters and Search

Posted by GitBox <gi...@apache.org>.
etadelta222 commented on issue #15026:
URL: https://github.com/apache/superset/issues/15026#issuecomment-856245390


   Thanks for the suggestion @nytai. I actually did try that approach but it did not work. The user information is stored in the ab_user table and I'm not able to access it for RLS filter. 
   
   ![image](https://user-images.githubusercontent.com/19858818/121085166-88027a00-c7af-11eb-9a01-f4b641ff83c2.png)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] etadelta222 edited a comment on issue #15026: Permissions to limit user list for 'Owner', 'Created by' dropdown - Filters and Search

Posted by GitBox <gi...@apache.org>.
etadelta222 edited a comment on issue #15026:
URL: https://github.com/apache/superset/issues/15026#issuecomment-856245390


   Thanks for the suggestion @nytai. I actually did try that approach but it did not work. The user information is stored in the ab_user table and I'm not able to access it for RLS filter. I'm logged in as admin.
   
   ![image](https://user-images.githubusercontent.com/19858818/121085166-88027a00-c7af-11eb-9a01-f4b641ff83c2.png)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] nytai commented on issue #15026: Permissions to limit user list for 'Owner', 'Created by' dropdown - Filters and Search

Posted by GitBox <gi...@apache.org>.
nytai commented on issue #15026:
URL: https://github.com/apache/superset/issues/15026#issuecomment-856233786


   the issue here is that permissions are not at the row level. So a user either has a permission to fetch a list of users or not. You might be able to achieve what you need using row level security 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] etadelta222 commented on issue #15026: Permissions to limit user list for 'Owner', 'Created by' dropdown - Filters and Search

Posted by GitBox <gi...@apache.org>.
etadelta222 commented on issue #15026:
URL: https://github.com/apache/superset/issues/15026#issuecomment-905818785


   Thanks @russmatney. I was hoping it was addressed and the upgrade will be less painful. I know there were front end changes from 1.1.0 to 1.2 so I won't be able to just overwrite files that I had to update in 1.1.0. :/ 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org