Access configuration is too complicated

[XiaodiKong]

I want to try to configure some roles, show only the specified some Dashboards, but I found the permission configuration is too complicated. Can provide some simple way to realize configuration? A lot of editing is only need administrator, users need only observe the completely Dashboard, do anyone can help me?

[yamyamyuo]

I totally agreed that the security control is too complex to use. There are several problems with the role based permission models.

1. if you have datasource access of a bunch of tables named Perm_A, it allows you to view dashboard A if its datasource is a subset of Perm_A's datasource. The tricky thing is that if by coincident, dashboard B 's datasource also a subset of Perm_A, then it will cause problem if dashboard B is not supposed to be accessed by anyone.

2. Datasource access is only controlled over table. Why datasource access control is not available on the level of database, schema or catalog? If you want to control a department's datasource access, you have to list all of the tables that belongs to the specific department. That's unreasonable. If a company has hundreds of departments and thousands of databases, it will require many superset administrator to manage the permission.

3. The permission models does not support deny. In some use case, if you don't have one permission, you will be denied.

I did some hack things to avoid the complex permission management. I use scripts to automatically add one invisible slice to dashboard. Each slice use different datasource(data sources are auto create by script as well!). Then it can solve problem 1.
Scripts will be scheduled once an hour to collect all the dashboard's table permissions and create a grouped roles. The final things for admins to do is add the grouped role to specific user. That saved a lot of work!

[nitin466]

Hi All,
I am new to superset and i have this requirement where I have four users with similar role(let's say Alpha) and i want to create dashboards which can be viewed by two alpha user(user1 and user2) but not by other two(user3 and user4) .

Real use case: users with similar role but one or two attributes different. Suppose i have sales manager for two different geographical region and i want to create two separate dashboards corresponding to each region and each sales manager should be able to see dashboard of his region only not of others.

If anyone has worked on similar requirements, please let me know how can this be achieved ?
Thanks in advance, any leads in this regard will be appreciated.

[stuarthu]

Hi All,
I am new to superset and i have this requirement where I have four users with similar role(let's say Alpha) and i want to create dashboards which can be viewed by two alpha user(user1 and user2) but not by other two(user3 and user4) .

Real use case: users with similar role but one or two attributes different. Suppose i have sales manager for two different geographical region and i want to create two separate dashboards corresponding to each region and each sales manager should be able to see dashboard of his region only not of others.

If anyone has worked on similar requirements, please let me know how can this be achieved ?
Thanks in advance, any leads in this regard will be appreciated.

https://superset.incubator.apache.org/security.html?highlight=permission#restricting-access-to-a-subset-of-a-particular-table