superset icon indicating copy to clipboard operation
superset copied to clipboard
verified publisher icon apache

Embedding Dashboard

Open krishanthvs opened this issue 1 year ago • 7 comments

Bug description

I have created the dashboard. The share option gives the perm link. When i am sharing this to the user who does not have superset access its asking for authentication. How to bypass this. And give the dashboard link without the edit button

Screenshots/recordings

No response

Superset version

master / latest-dev

Python version

3.11

Node version

16

Browser

Chrome

Additional context

No response

Checklist

  • [X] I have searched Superset docs and Slack and didn't find a solution to my problem.
  • [X] I have searched the GitHub issue tracker and didn't find a similar bug report.
  • [X] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

krishanthvs avatar Oct 08 '24 11:10 krishanthvs

To share a Superset dashboard without requiring authentication and without the edit button, you can follow these steps:

  1. Make the Dashboard Public:

    • In your superset_config.py, set AUTH_ROLE_PUBLIC = 'Public'.
    • Ensure the Public role has the necessary permissions to view the dashboard.

  2. Use the Embedded SDK:

    • Install the Superset Embedded SDK and use the embedDashboard function to embed the dashboard in your application.

Here's an example of how to use the SDK:

import { embedDashboard } from "@superset-ui/embedded-sdk";

embedDashboard({
  id: "your-dashboard-id",
  supersetDomain: "https://superset.example.com",
  mountPoint: document.getElementById("your-mount-point"),
  fetchGuestToken: () => fetchGuestTokenFromBackend(),
  dashboardUiConfig: {
    hideTitle: true,
    urlParams: {
      standalone: 1, // Hides the edit button
    }
  },
  iframeSandboxExtras: ['allow-top-navigation', 'allow-popups-to-escape-sandbox']
});

This setup allows users to access the dashboard without authentication and hides the edit button [1][2].

To continue talking to Dosu, mention @dosu.

dosubot[bot] avatar Oct 08 '24 11:10 dosubot[bot]

@dosu can you please link this to someone who has expertise on the same

krishanthvs avatar Oct 15 '24 09:10 krishanthvs

This is a tough nut to crack, could really use your help on this, @rusackas.

To continue talking to Dosu, mention @dosu.

dosubot[bot] avatar Oct 15 '24 09:10 dosubot[bot]

@rusackas can you please help me on this

krishanthvs avatar Oct 15 '24 09:10 krishanthvs

The bot is correct about the steps you need to do. This article provides some more detail on how to implement fetchGuestToken. Start from Approach 1 - Using Superset Embedded SDK

apoteet avatar Oct 15 '24 23:10 apoteet

@apoteet cannot this be done with applying the required permissions to the public role

krishanthvs avatar Oct 16 '24 05:10 krishanthvs

Correct. For embedded dashboards to work, you need to fetch a guest token and provide it to the dashboard. This guest token has the public role, so it needs all the permissions needed to view dashboards. If you're worried about the public internet getting access to your superset, you should deploy superset and your app behind a firewall

apoteet avatar Oct 16 '24 16:10 apoteet

I think the last answer pretty much solved this, which is why it's been dormant for >6 months. I'll close it, but I'm happy to revisit/reopen if needed.

rusackas avatar Apr 16 '25 21:04 rusackas