chore: Add granular permissions for actions in Dashboard

[geido]

SUMMARY

This PR introduced a new permission to enable view and drilling actions on the Dashboard independently of the can_explore permission #26798. However, from recent feedback it is clear that the need is to have more granularity for these permissions.

This PR introduces the following permissions:

• can_view_chart_as_table to enable the "View as table" option in the chart actions in a Dashboard
• can_view_query to enable the "View query" option in the chart actions in a Dashboard

This PR also implements the following changes:

• It removes the permission can_view_and_drill introduced in chore: Add permission to view and drill on Dashboard context #26798.
• It ties Drill to detail to both can_explore and can_samples as can_samples is a required backend permission for Drill to detail to work
• It ties Drill by to both can_explore and can_write_ExploreFormDataRestAPI as the latter is a required backend permissions for the submission of form data when interacting with Drill by

Fixes #26762
Fixes #25630

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

N.A.

TESTING INSTRUCTIONS

• CI should pass
• A role with can_view_chart_as_table should see the View as table option without can_explore permission
• A role with can_view_query should see the View query option without can_explore permission
• A role without can_samples should not be able to see Drill to detail
• A role without can_write_ExploreFormDataRestAPI should not see Drill by

ADDITIONAL INFORMATION

• Has associated issue: Cannot use drill-by/drill-to in embedded mode without can explore on Superset permission #25630 Gamma role does not have permissions to drill #26762
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[kgabryje]

I know that can_view_and_drill permission wasn't around for long so probably few people have used it, but shouldn't we create a migration for it?

[mistercrunch]

It'd be nice to have a reusable function for perm migration that we could use in database migrations. Now that we have migration_utils.py in theory it could contain a function migrate_permission(before_perm, after_perm). Though in theory it should only be use for equivalent (rename) or more atomic/selective permissions.

[dpgaspar]

we have this: https://github.com/apache/superset/blob/master/superset/migrations/shared/security_converge.py#L215

[agunoglu]

hi I have all roles. And can not see drill down menu in superset graphs. Why?

[rusackas]

hi I have all roles. And can not see drill down menu in superset graphs. Why?

Just to ask basic support questions, are you not seeing them in ANY chart, or just not EVERY chart? They're still not supported everywhere. They also appear on right-cick, which might not be the most discoverable thing in the world :)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (13915bb) 67.19% compared to head (3c4cdb2) 69.54%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #27029      +/-   ##
==========================================
+ Coverage   67.19%   69.54%   +2.34%     
==========================================
  Files        1899     1899              
  Lines       74380    74385       +5     
  Branches     8275     8276       +1     
==========================================
+ Hits        49981    51728    +1747     
+ Misses      22344    20602    -1742     
  Partials     2055     2055              

Flag	Coverage Δ
hive	53.81% <100.00%> (?)
javascript	56.91% <100.00%> (+<0.01%)	⬆️
mysql	78.01% <100.00%> (+<0.01%)	⬆️
postgres	78.14% <100.00%> (+0.03%)	⬆️
presto	53.76% <100.00%> (?)
python	83.10% <100.00%> (+4.85%)	⬆️
sqlite	77.66% <100.00%> (+0.03%)	⬆️
unit	56.49% <0.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[sfirke]

Would this PR address or affect open issue #25630?

It looks relevant to open issue #26762, at a glance it would not solve it (Gamma would still need can_samples) but if someone working on this PR felt in the right headspace to tackle this issue it would save on task switching costs.

[geido]

Would this PR address or affect open issue #25630?

It looks relevant to open issue #26762, at a glance it would not solve it (Gamma would still need can_samples) but if someone working on this PR felt in the right headspace to tackle this issue it would save on task switching costs.

@sfirke in terms of fixing the mentioned issues, I think this PR should be the solution. Drill to detail must be tied to can_samples in order to function and can_explore to respect the current permission dependency on the UI. Drill by requires can_write on ExploreFormDataRestApi or there will be an error message showing up when posting form data, together with can_explore based on current permission dependency on the UI. I haven't checked whether these permissions can work without can_explore but my objective here is to avoid a breaking change.

The View as table and View query options now can be enabled granularly and the Edit chart buttons in the respective Modals will be disabled if can_explore is OFF.

As for what concerns assigning/changing permissions of the existing roles, this is beyond the scope of this PR and I think it would be best to discuss this opportunity in the appropriate channels. Thanks!

[kgabryje]

@geido I think drill by needs the can_explore permission only for the "Edit chart" button. If we made that button conditionally disabled if user doesn't have access to Explore and sent the post request in line 90 in DrillByModal.tsx, then the feature should work just fine without can_explore.
That would solve the issues that @sfirke linked in his comment

[geido]

@geido I think drill by needs the can_explore permission only for the "Edit chart" button. If we made that button conditionally disabled if user doesn't have access to Explore and sent the post request in line 90 in DrillByModal.tsx, then the feature should work just fine without can_explore. That would solve the issues that @sfirke linked in his comment

That's right. Drill by does not need can_explore. However, removing can_explore would cause Drill by to show up and it might not be the expected behaviour for most people at this point. I think having granular permissions for both Drill by and Drill to detail could be a better approach to remove the dependency on can_explore. @yousoph what do you think?

I would aim to merge this PR as it is and continue in a follow-up.

[dimoha]

Hi

I think that i found a small bug
#27896

can you check it?

[icrc-fdeniger]

hello @geido

However, removing can_explore would cause Drill by to show up and it might not be the expected behaviour for most people at this point

Is there a plan to allow end-users to be able to Drill with having can_explore ?

Thanks

[rusackas]

For the sake of the thread, @icrc-fdeniger opened an issue regarding that permission question: #27900

[puru-khedre]

Hello @geido @dpgaspar
In which release this PR is merged, I want that permissions set

Or How can I know the release which has this permissions

[michael-s-molina]

Hello @geido @dpgaspar In which release this PR is merged, I want that permissions set

Or How can I know the release which has this permissions

Hi @puru-khedre. You can always check the CHANGELOG to see if a particular PR was included in a release. This one was included in 4.0.0 as you can see here.

[puru-khedre]

Hi @puru-khedre. You can always check the CHANGELOG to see if a particular PR was included in a release. This one was included in 4.0.0 as you can see here.

Thanks @michael-s-molina

[agunoglu]

First of all, thank you for your answer. - I enter the system with the admin role. all roles are open. Dimension columns are marked for my fields in the dataset. [image: image.png] - FEATURE_FLAGS settings in config py file are as below. FEATURE_FLAGS = { "DASHBOARD_NATIVE_FILTERS": True, "DASHBOARD_CROSS_FILTERS": True, "DASHBOARD_DRILL_DOWN": True, "DRILL_TO_DETAIL": True, "DRILL_BY": True } -And I have all roles for my admin user but when I check the my graps I cant see drill down options as below.. How can I do it..Thanks [image: image.png] so I added the self.add_permission_view_menu("can_view_and_drill", "Dashboard") under the def create_custom_permissions(self) -> None: like you said. There is no "can_view_and_drill" in the rolls. What can I do. Thanks..?? Evan Rusackas ***@***.***>, 2 May 2024 Per, 21:14 tarihinde şunu yazdı:

…

***@***.**** commented on this pull request. ------------------------------ In superset/security/manager.py <#27029 (comment)>: > @@ -726,7 +726,8 @@ def create_custom_permissions(self) -> None: self.add_permission_view_menu("can_csv", "Superset") self.add_permission_view_menu("can_share_dashboard", "Superset") self.add_permission_view_menu("can_share_chart", "Superset") - self.add_permission_view_menu("can_view_and_drill", "Dashboard") hi I have all roles. And can not see drill down menu in superset graphs. Why? Just to ask basic support questions, are you not seeing them in ANY chart, or just not EVERY chart? They're still not supported everywhere. They also appear on right-cick, which might not be the most discoverable thing in the world :) — Reply to this email directly, view it on GitHub <#27029 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AQFE5QEYTBOMEO67QYCAPKTZAJ7CDAVCNFSM6AAAAABC4GTVZ6VHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDAMZWGU2DCNRTGQ> . You are receiving this because you commented.Message ID: ***@***.***>

[geido]

Hello @agunoglu can_view_and_drill was removed. Are you running on latest master?

[saurabh-innovator]

Hi @geido , I want to understand that why can_view_and_drill permission was removed. Issue that I am facing is, I wish to have a read-user who can just view chart table and just drill. I don't want to expose the query/edit/chart. That was the very good use case which you implemented, so why you removed it, also How can I again implement my case?