superset icon indicating copy to clipboard operation
superset copied to clipboard
verified publisher icon apache

Duplicate can_import permission on ImportExportRestApi

Open ascdata opened this issue 1 month ago • 2 comments

Bug description

I noticed that in Apache Superset, the permission "can import on ImportExportRestApi" appears twice. This seems redundant and could cause confusion when managing roles and permissions.

  1. Go to "settings"
  2. Go to "list roles"
  3. Edit a role
  4. Choose permissions
  5. You can select "can import on ImportExportRestApi" twice
Image

Screenshots/recordings

No response

Superset version

5.0.0

Python version

I don't know

Node version

I don't know

Browser

Chrome

Additional context

No response

Checklist

  • [x] I have searched Superset docs and Slack and didn't find a solution to my problem.
  • [x] I have searched the GitHub issue tracker and didn't find a similar bug report.
  • [ ] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

ascdata avatar Nov 11 '25 09:11 ascdata

Can you check to see if this is two different permissions that (unfortunately) have the same label? Or if it's the same permission being added twice somehow? Either way sounds problematic, and we're open to investigation or a PR to resolve it.

This seems like something that might be subject to the SIP for a revised security model that @mistercrunch was looking at.

rusackas avatar Nov 12 '25 18:11 rusackas

I have this same issue. Following.

shalom-t avatar Dec 09 '25 09:12 shalom-t