Incubator-superset: How to restrict between two users of same role??

Created on 7 Dec 2017 · 14Comments · Source: apache/incubator-superset

Make sure these boxes are checked before submitting your issue - thank you!

[ ] I have checked the superset logs for python stacktraces and included it here as text if any
[ ] I have reproduced the issue with at least the latest released version of superset
[ ] I have checked the issue tracker for the same issue and I haven't found one similar

Superset version

0.20.6

Expected results

I want to use two users with same role.
But the database,tables,slice and dashboard created by one user should not be visible to other user and vice versa.

Actual results

One user can see all datas (database,tables,slices and dashboards) created by another user.

This result is due to adding this permission:
all datasource access on all_datasource_access
all database access on all_database_access

Steps to reproduce

Is this type of permission is possible in superset.
If yes, What are the permissions to be added for that role.
Thanks in advance.

inactive

Source

AnithaMurugesan

All 14 comments

If you don't want a user to see evertyhing, avoid the all_*_access permissions. Am i missing something?

xrmx on 7 Dec 2017

Thanks..
But how can we make one user's datas(including database,tables,slices and dashboards ) invisible to other user??

AnithaMurugesan on 7 Dec 2017

They should not be accessible to other users until you give other users permissions to do so. Have you read the permissions related documentation?

xrmx on 7 Dec 2017

Yes...I have seen that permissions like : datasource access on [XXX].(id:2)
This permissions will be set by higher level user like admin to lower level user say, alpha.
But how to make datas hide between users of same role(like within alpha users).

AnithaMurugesan on 7 Dec 2017

Just create 2 different roles. User 1 can have "gamma" + "set of tables 1" and user 2 can have "gamma" + "set of tables 2"

mistercrunch on 7 Dec 2017

Thanks...
I will try this...

AnithaMurugesan on 8 Dec 2017

I can find 'menu access on sources' and 'menu access on tables' are enabled in 'gamma' role.
Sources tab is invisible to gamma user.
But they can access the url - http://localhost:8088/tablemodelview/list/
Do we want to enable some other permission to make it visible to the gamma user ??

AnithaMurugesan on 10 Dec 2017

Gamma should be able to see the datasources, if that's not the case it's a bug.

mistercrunch on 11 Dec 2017

does anyone feel that the auth model of superset is too hard to use?
can we stop using flask_appbuilder, and choose another RBAC framework?

nancykyo on 13 Dec 2017

😕1 👍1

RBAC in FAB is fine, plus it's baked deeply in the web framework, can't change that. The missing element in the FAB model is "group".

mistercrunch on 13 Dec 2017

Hi...
In Add Slice button in Slices Tab, I can find an option "Choose a datasource"
In this option, I want to display only the datasources that the user has access to.
(Right now all datasources are visible there..But on clicking the datasource that the user has no access gives error message..Here the user has gamma role)..How can I hide the other datasources in this option..
Which permission is to be removed...I tried it..But can't find the solution...
Is there any option for restricting user from viewing other tables.??
Thanks in Advance...

AnithaMurugesan on 5 Jan 2018

Is there any roles documentation for superset?

AnithaMurugesan on 8 Jan 2018

👍1

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue .pinned to prevent stale bot from closing the issue.