superset icon indicating copy to clipboard operation
superset copied to clipboard
verified publisher icon apache

[dashboard] [native-filter] Unable to view Dashboard Native Filter's UI/Sidepanel with non-admin & non-owners users

Open usamaB opened this issue 3 years ago • 13 comments

A clear and concise description of what the bug is.

How to reproduce the bug

  • Enable Dashboard native filter
  • Create/publish a dashboard.
  • Dashboard native filters are only accessible by the owner of the dashboard or the admin, other users can't access it

Expected results

Screenshot 2022-01-20 at 09 38 02

Actual results

Screenshot 2022-01-18 at 17 51 42

Environment

(please complete the following information):

  • browser type and version: Google Chrome
  • superset version: superset version 1.3.1/1.4.0
  • python version: python --version 3.7
  • any feature flags active: DASHBOARD_NATIVE_FILTERS, DASHBOARD_CROSS_FILTERS

Checklist

Make sure to follow these steps before submitting your issue - thank you!

  • [x] I have checked the superset logs for python stacktraces and included it here as text if there are any.
  • [x] I have reproduced the issue with at least the latest released version of superset.
  • [x] I have checked the issue tracker for the same issue and I haven't found one similar.

usamaB avatar Jan 20 '22 08:01 usamaB

@geido can you explain what does need validation label means?

usamaB avatar Jan 25 '22 11:01 usamaB

Hello @usamaB it simply means that a committer should verify whether the issue can be reproduced.

geido avatar Jan 25 '22 13:01 geido

@geido How can I do that? It's just enabling the filter and it's not working for non-owners/Admins.

usamaB avatar Feb 02 '22 10:02 usamaB

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue .pinned to prevent stale bot from closing the issue.

stale[bot] avatar Apr 17 '22 17:04 stale[bot]

Did you find any solutions? I have the same problem when I try to make a public dashboard

isabellalacerda avatar May 09 '22 22:05 isabellalacerda

Hi, @isabellalacerda and @usamaB , I have fixed the issue by adding can_read on DashboardFilterStateRestApi and can_write on DashboardFilterStateRestApi permissions for the Public role

byk0t avatar May 11 '22 16:05 byk0t

@byk0t thank you! I was stuck and those permissions fixed it. I wish there was a list of which privileges are needed for public role to view dashboards (including those with native filters).

sfirke avatar May 17 '22 15:05 sfirke

@sfirke Actually I have such list. You can check it out here https://gist.github.com/byk0t/bd6e9c3839967b4ac28a8da30f468b2a

byk0t avatar May 17 '22 17:05 byk0t

@sfirke Actually I have such list. You can check it out here https://gist.github.com/byk0t/bd6e9c3839967b4ac28a8da30f468b2a

@byk0t Thanks. So we need these permissions in addition to the ones from Gamma? On a related note, I don't want public users to be able to export CSVs or run SQL, so I have to manually remove those every time I sync from Gamma using superset init...

alanorth avatar Jun 10 '22 12:06 alanorth

@sfirke Actually I have such list. You can check it out here https://gist.github.com/byk0t/bd6e9c3839967b4ac28a8da30f468b2a

@byk0t Thanks. So we need these permissions in addition to the ones from Gamma? On a related note, I don't want public users to be able to export CSVs or run SQL, so I have to manually remove those every time I sync from Gamma using superset init...

@alanorth you don't need to sync with Gamma at all. You can remove this line PUBLIC_ROLE_LIKE = "Gamma".

byk0t avatar Jun 10 '22 13:06 byk0t

@byk0t neither Gamma nor the permissions in your superset-public-permissions.json example were enough to let public/anonymous users view dashboards in my case (Superset 1.5.1). So what I did was sync with Gamma, then import yours, then manually remove all the permissions I didn't want anonymous to have (menu access, SQL Lab, Explore, CSV export, Swagger / OpenAPI, etc). I wish this was a bit more well documented...

alanorth avatar Jun 10 '22 13:06 alanorth

@byk0t neither Gamma nor the permissions in your superset-public-permissions.json example were enough to let public/anonymous users view dashboards in my case (Superset 1.5.1). So what I did was sync with Gamma, then import yours, then manually remove all the permissions I didn't want anonymous to have (menu access, SQL Lab, Explore, CSV export, Swagger / OpenAPI, etc). I wish this was a bit more well documented...

@alanorth In my case Public user was able to see dashboards (for the latest version and for 1.5.0). And I didn't sync with Gamma. Make sure you setup the permissions correctly.

byk0t avatar Jun 10 '22 13:06 byk0t

@byk0t hi I have an opposite requirement that I don't want to display filter state navigation bar of a dashboard when visited by users not logged in.But when I cancel two permissions you mentioned above, superset will redirect to login page automatically.So how can I make this filter state navigation bar invisible when visited by anonymous users?

swordrada avatar Sep 14 '22 08:09 swordrada

I'm guessing since everyone has a handle on the required permission, and can freely change that, it's safe to close this issue since it's been silent for a year and a half. If people are still encountering this in current versions (3.x) please open a new Issue with updated context or a PR/proposal to address the problem. Thanks!

rusackas avatar Feb 12 '24 20:02 rusackas