Some permissions (on main page) seem unnecessary because they are associated with essential functions #27765
Comments
Yep, the whole permission system feels very clunky and too raw to manage. If a permission is necessary to be granted for a user to actually use the system, it should not be listed. Also, it's worth mentioning that there are 176 permissions assigned to the vanilla Admin role with no proper documentation. If it's the whole set of permissions, I believe they should be grouped by functionality so superusers could easily acknowledge what is assigned to any given role. It could be visualized as a table, like so:
I believe such a permission view could be a great relief to anyone who administers Superset or conducts a security audit on the installation.
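A sketch of the grouped view proposed in the comment above, as an added example that is not part of the comment or of Superset's code: it takes one role's permission strings and groups them by view so they can be read as a table. It assumes each string has the `<action> on <view>` form quoted in the issue; the function names and all sample strings other than the two quoted in the issue are illustrative.

```python
from collections import defaultdict

# Constructed sample in the "<action> on <view>" form the issue quotes; the
# first two strings appear in the issue, the rest are illustrative.
SAMPLE_ROLE_PERMS = [
    "can profile on Superset",
    "userinfoedit on UserDBModelView",
    "can read on Dashboard",
    "can write on Dashboard",
    "can read on Chart",
    "not a permission string",
]


def parse_permission(entry):
    """Split '<action> on <view>' at the first ' on ' (assumed separator)."""
    action, sep, view = entry.strip().partition(" on ")
    if not sep or not action.strip() or not view.strip():
        raise ValueError(f"unrecognised permission string: {entry!r}")
    return action.strip(), view.strip()


def group_by_view(entries):
    """Return ({view: {actions}}, [malformed entries]) for one role."""
    grouped, malformed = defaultdict(set), []
    for entry in entries:
        try:
            action, view = parse_permission(entry)
        except ValueError:
            malformed.append(entry)  # surface it for the auditor, don't drop it
            continue
        grouped[view].add(action)
    return dict(grouped), malformed


def render_matrix(grouped):
    """Render views as rows and actions as columns, 'x' where granted."""
    actions = sorted({a for acts in grouped.values() for a in acts})
    width = max([len("view")] + [len(v) for v in grouped])
    lines = [" | ".join(["view".ljust(width)] + actions)]
    for view in sorted(grouped):
        cells = [("x" if a in grouped[view] else "").center(len(a)) for a in actions]
        lines.append(" | ".join([view.ljust(width)] + cells))
    return "\n".join(lines)


if __name__ == "__main__":
    grouped, malformed = group_by_view(SAMPLE_ROLE_PERMS)
    print(render_matrix(grouped))
    print("unparsed:", malformed)
```
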
Just wanted to point out that @mistercrunch has a SIP open here:
Bug description
Hello,
I find permission management tricky because there is little documentation on the subject.
With Superset v3.1.1 (Docker), I started from a role with no permissions to try to understand the impact of permissions.
I notice that certain essential functions rely on permissions. Here are the details:
With no permissions, I navigate through the pages
HOME PAGE
Simply accessing the welcome page causes errors
The following permissions are therefore obligatory:
The Create buttons are present although the user has no permission. Click on it --> Error
PARAMETERS/PROFILE
OK, the page is displayed, but why does a permission "can profile on Superset" exist? It seems unnecessary
PARAMETERS/INFO
Error "Access is denied"
The following permission is therefore obligatory:
Proposed solution
If a permission is imposed on everyone, then it should not exist:
could be deleted
Create buttons should be displayed only if the permissions (value to specify) are present
Same for Parameters/Info, it should be displayed only if the permission "userinfoedit on UserDBModelView" is present
If a permission is unnecessary, then it should not exist:
Best regards
How to reproduce the bug
Create a role without permission
Create a user with this role
With this user, go to:
Screenshots/recordings
No response
Superset version
3.1.1
Python version
3.9
Node version
16
Browser
Chrome
Additional context
Docker