-
Notifications
You must be signed in to change notification settings - Fork 13.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
datasources are not filtered per user permissions in Slice's "Datasource & Chart Type" #1434
Comments
Is the restricted user member of the gamma or alpha group? |
Confirmed as bug, we show all the datasources without filtering the one the user has access to. |
The user is a part of a new role, called Client that is based on Alpha. It has a more limited set of permissions than Alpha, which I have attached to this ticket for reference. |
Work in progress fix here: I need to sort out how to fix the tests because the user is getting redirected to the request access view: |
@jasonshah could you please confirm is this bug fixed or not? |
@jasonshah thank you |
We then set up a separate role for each of our clients, e.g. client_name. This role has permissions: We haven't actually rolled this to any production clients yet, unfortunately, because of the issue in this ticket and in 1498. But hopefully soon. |
Notice: this issue has been closed because it has been inactive for 389 days. Feel free to comment and request for this issue to be reopened. |
I am facing the same issue with superset v 0.25.6. The issue still persists as the user seeing all the datasources in chart drop down that he has no access to. I have given user the gamma role and new role that only has permission to a single datasource |
@mistercrunch this issue still exists... all databases are passed back to the SQL editor whether the user has role permission or not. |
PR for this issue. #6356 |
Same issue in superset 0.27.0 version. Is there a way to prevent the restricted user from seeing the other data sources in sqllab |
Hi,
We are attempting to create a highly restricted user in Caravel. This user can create slices and dashboards, but only for a specific set of datasources. They should not be able to even see the existence of other datasource when creating a slice.
We currently have two datasources, one as an admin datasource with access to everything, and one as a restricted datasource for the restricted user.
When navigating to the Slice, the restricted user can still see all of the other datasources, even if restriction is denied.
Is there a way to prevent the restricted user from even seeing the other datasources?
(Sorry for duplicating this question in the Google Group.)
Thank you!
The text was updated successfully, but these errors were encountered: