Datasource access #28760

Closed
3 tasks done
Zarrina1 opened this issue May 29, 2024 · 6 comments
Labels
authentication:access-control Related to access control

Comments

@Zarrina1

Bug description

Hello everyone!
I have Superset version 2.1.0.
I have an issue while giving the Gamma role access to a particular dataset.
The normal situation is when I give datasource access to the Gamma role. After that, the Gamma user can see dashboards where «my_dataset» was used as a source, and the Gamma user can also see «my_dataset» in the Dataset folder. This works with only some datasets.
Result:
Gamma role with dataset access
[screenshot 3]
What this Gamma role will see:
Connected dashboard
[screenshot 4]
Needed dataset
[screenshot 5]

Another situation is when I also give datasource access to the Gamma role, but on another dataset (for example «dataset2»), and dataset2 is used in some dashboards. These dashboards are not displayed at all for the Gamma user, but the user can see «dataset2» in the Dataset folder.
Giving access process:
[screenshot 1]
So all the user is able to see:
[screenshot 2]
But no dashboards!
How to solve it? Why are dashboards shown only with some datasets?

How to reproduce the bug

1. Create a Gamma role with datasource access on [Cluster].[dataset]
2. The Gamma role user can see the dataset but no related charts/dashboards
P.S. Dashboards are shown with some datasets, but not with others.

Screenshots/recordings

No response

Superset version

master / latest-dev

Python version

I don't know

Node version

I don't know

Browser

Chrome

Additional context

No response

Checklist

  • I have searched Superset docs and Slack and didn't find a solution to my problem.
  • I have searched the GitHub issue tracker and didn't find a similar bug report.
  • I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.
@dosubot dosubot bot added the authentication:access-control Related to access control label May 29, 2024

dosubot bot commented May 29, 2024

@Zarrina1 Hello there! I'm here to help you with any bugs, questions, or contributions you have for the repository. Let's squash those bugs together! 🤖

To resolve the issue where a Gamma role user can see some datasets in the Dataset folder but cannot see the related dashboards for those datasets in Superset version 2.1.0, follow these steps:

  1. Ensure Gamma Role Permissions: Verify that the Gamma role user has access to the data sources used in the dashboards. Gamma users can only view slices and dashboards made from data sources they have access to.

  2. Create a Complementary Role:

    • Go to Menu -> Security -> List Roles and click the + sign.
    • Name the new role, assign it to users, and select the tables in the Permissions dropdown.
    • Use the typeahead to search for your table names and select the data sources you want to associate with this role.
  3. Assign the New Role:

    • Assign this new role to the Gamma role user.
    • Confirm with the user that they can see the objects (dashboards and slices) associated with the tables you just extended them.
  4. Check Dashboard Publication: Ensure that the dashboards are published. Dashboards need to be published for them to be visible to users. Verify this by checking the published attribute of the dashboards.

  5. Verify Permissions: Use the can_access_dashboard method to check if the user has the necessary permissions to access the dashboard:

    def can_access_dashboard(self, dashboard: "Dashboard") -> bool:
        try:
            self.raise_for_access(dashboard=dashboard)
        except SupersetSecurityException:
            return False
        return True

By following these steps, you should be able to resolve the issue and ensure that the Gamma role user can see the related dashboards for the datasets they have access to [1][2][3][4][5].

Details

About Dosu
This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.

Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

To continue the conversation, mention @dosu.

@Zarrina1
Author

Zarrina1 commented May 29, 2024

@dosu

    def can_access_dashboard(self, dashboard: "Dashboard") -> bool:
        try:
            self.raise_for_access(dashboard=dashboard)
        except SupersetSecurityException:
            return False
        return True

Where can I write this?


dosubot bot commented May 29, 2024

You should write the can_access_dashboard method in the SupersetSecurityManager class within the superset/security/manager.py file. Here is the method definition for reference:

def can_access_dashboard(self, dashboard: "Dashboard") -> bool:
    """
    Return True if the user can access the specified dashboard, False otherwise.

    :param dashboard: The dashboard
    :returns: Whether the user can access the dashboard
    """
    try:
        self.raise_for_access(dashboard=dashboard)
    except SupersetSecurityException:
        return False

    return True

This method ensures that the permissions for accessing a dashboard are checked correctly by calling the raise_for_access method and handling any SupersetSecurityException that might be raised [1].


@Zarrina1
Author

@dosu But why are dashboards shown when using some datasets, but not with others?


dosubot bot commented May 29, 2024

The inconsistency in dashboards being shown for some datasets but not for others when accessed by a Gamma role user in Apache Superset version 2.1.0 is likely due to a permissions issue. Specifically, the fix for this issue is mentioned in the changelog:

  • #23118 fix(rbac): show objects accessible by database access perm (@villebro)

This fix ensures that objects (such as dashboards) are shown to users based on their database access permissions. To resolve this inconsistency, you should ensure that the Gamma role has the appropriate database access permissions for the datasets in question.

Additionally, the integration tests for dashboard security in Superset provide further insights into how permissions are managed. For example, the test_users_can_list_published_dashboard test ensures that users can view dashboards if they have the necessary permissions for the underlying datasets.

Here is a code snippet to check and update the permissions for the Gamma role:

from superset import security_manager

# Get the Gamma role
gamma_role = security_manager.find_role("Gamma")

# Ensure the Gamma role has the necessary database access permissions
databases = security_manager.get_all_databases()
for database in databases:
    security_manager.add_permission_role(gamma_role, security_manager.find_permission_view_menu("database_access", database.perm))

# Commit the changes
security_manager.get_session.commit()

This code ensures that the Gamma role has access to all databases, which should resolve the issue of dashboards not being shown for some datasets. Additionally, you can refer to the integration tests in tests/integration_tests/security_tests.py for more examples of how permissions are handled in Superset. For instance, the test_gamma_user_schema_access_to_dashboards test verifies that users can list published dashboards, ensuring that permissions are correctly applied [1][2][3][4].

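The checks named in this thread (the published flag, `datasource_access`, and the `database_access` rule from #23118) can be modelled to see why a dataset is listed while its dashboard stays hidden. This is an added example, not Superset's code and not part of any comment above: a simplified model over constructed data, with hypothetical names (`explain`, `visible_titles`, the `payroll` dataset, the permission strings), comparing dataset-scoped grants with a database-wide grant.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Dataset:
    name: str
    database: str

    @property
    def perm(self) -> str:
        # Constructed label in the "[Cluster].[dataset]" style quoted in the issue.
        return f"[{self.database}].[{self.name}]"

@dataclass(frozen=True)
class Dashboard:
    title: str
    published: bool
    datasets: tuple

def explain(role_perms: set, dash: Dashboard) -> tuple:
    """Return (visible, reason) for one dashboard under the simplified rules."""
    if not dash.published:
        return False, "draft: not published"
    for ds in dash.datasets:
        if ("datasource_access", ds.perm) in role_perms:
            return True, f"datasource_access on {ds.perm}"
        if ("database_access", f"[{ds.database}]") in role_perms:
            return True, f"database_access on [{ds.database}]"
    return False, "no datasource_access or database_access on any source dataset"

def visible_titles(role_perms: set, dashboards: list) -> list:
    return [d.title for d in dashboards if explain(role_perms, d)[0]]

# Constructed sample data mirroring the report: several datasets, one database.
my_dataset = Dataset("my_dataset", "Cluster")
dataset2 = Dataset("dataset2", "Cluster")
payroll = Dataset("payroll", "Cluster")  # hypothetical dataset not meant for Gamma
DASHBOARDS = [
    Dashboard("Sales", True, (my_dataset,)),
    Dashboard("Ops draft", False, (dataset2,)),
    Dashboard("HR", True, (payroll,)),
]
SCOPED = {("datasource_access", my_dataset.perm), ("datasource_access", dataset2.perm)}
WIDE = SCOPED | {("database_access", "[Cluster]")}

if __name__ == "__main__":
    for name, perms in (("dataset-scoped", SCOPED), ("database-wide", WIDE)):
        print(name, visible_titles(perms, DASHBOARDS))
        for d in DASHBOARDS:
            print("  ", d.title, explain(perms, d))
```

In this model the database-wide grant leaves the unpublished dashboard hidden while exposing every published dashboard on that database, including ones built on datasets the role was never given.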

@rusackas
Member

I hope the AI comments are helpful, but I'm going to go ahead and close this out since we no longer support Superset <3.1. I think you can continue the bot talk as long as you'd like, but I'd also encourage you to join Slack and see if others there are able to help, perhaps in the #customizing-superset channel.
