dosubot[bot] commented on issue #29505:
URL: https://github.com/apache/superset/issues/29505#issuecomment-2269139859
If you've ensured that the user has the "Admin" role and are still
encountering the "Access is Denied" error, there might be additional
configurations or issues with the custom login setup. Here are a few steps to
further troubleshoot and resolve the issue:
1. **Verify Role and Permissions**:
Ensure that the "Admin" role has the necessary permissions. You can check
this in the Superset UI under Security -> List Roles -> Admin. The "Admin" role
should have access to all view menus, including "List Users".
2. **Check Custom Middleware**:
Ensure that your custom middleware is correctly setting the `REMOTE_USER`
environment variable. Here is a refined version of your middleware:
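```python
class RemoteUserMiddleware(object):
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # WSGI exposes the incoming "User" request header as HTTP_USER.
        user = environ.get('HTTP_USER')
        if user:
            # Downstream code treats REMOTE_USER as the authenticated identity.
            environ['REMOTE_USER'] = user
        return self.app(environ, start_response)
```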
3. **Debugging Custom Login**:
Add logging to your custom login code to ensure that the user is being
correctly authenticated and assigned roles. For example:
```python
import logging

import requests
from flask import g, redirect
from flask_appbuilder import expose
from flask_appbuilder.security.views import AuthRemoteUserView
from flask_login import login_user

logger = logging.getLogger(__name__)


class CustomRemoteUserView(AuthRemoteUserView):
    login_template = ""

    @expose("/login/")
    def login(self):
        logger.info("Using custom security manager")
        username = ""
        url = ""
        # Already authenticated: go straight to the index page.
        if g.user is not None and g.user.is_authenticated:
            return redirect(self.appbuilder.get_url_for_index)

        def getUserName(user_roles):
            return "dummy"

        try:
            # `token` and `tenantIdentifier` are not defined in this snippet;
            # obtain them from the request or configuration before this point.
            token = "Bearer " + token
            response = requests.get(url, headers={"Tenant_identifier":
                tenantIdentifier, "Authorization": token})
            if response.status_code == 200:
                user_data = response.json()
                user_roles = user_data['data']['userRoles']
                security_manager = self.appbuilder.sm
                username = getUserName(user_roles)
                logger.info(f"Username: {username}")
                user = security_manager.find_user(username=username)
                if user is not None:
                    logger.info("User found, logging in")
                    login_user(user)
                    return redirect(self.appbuilder.get_url_for_index)
                else:
                    logger.warning("User not found")
                    return redirect('/login/')
            else:
                logger.warning(f"Error: {response.status_code}")
                return redirect('/login/')
        except requests.exceptions.RequestException as e:
            logger.error(f"RequestException: {e}")
            return redirect('/login/')
```
4. **Ensure Proper Configuration**:
Make sure that your `superset_config.py` includes the necessary
configurations for custom authentication:
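```python
from flask_appbuilder.security.manager import AUTH_REMOTE_USER
from superset.security import SupersetSecurityManager

from your_custom_middleware_module import RemoteUserMiddleware
# CustomRemoteUserView must also be defined or imported in this file.

ADDITIONAL_MIDDLEWARE = [RemoteUserMiddleware]


class CustomSecurityManager(SupersetSecurityManager):
    authremoteuserview = CustomRemoteUserView


CUSTOM_SECURITY_MANAGER = CustomSecurityManager
AUTH_TYPE = AUTH_REMOTE_USER
```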
5. **Database Migration and Initialization**:
Ensure that your database is up-to-date with the latest migrations and
initializations:
```sh
export FLASK_APP=superset
superset db upgrade
superset init
```
By following these steps, you should be able to identify and resolve the
issue causing the "Access is Denied" error when navigating to `list/users`
<sup>[[1]](https://github.com/apache/superset/blob/master/superset/security/manager.py)</sup><sup>[[2]](https://github.com/apache/superset/blob/master/docs/docs/security/security.mdx)</sup>.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
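
Added example (not part of the comment above and not Superset's own code): a variant of the step 2 middleware that accepts the `User` header only when the request arrives from a trusted reverse proxy and discards any `REMOTE_USER` already present, exercised against constructed WSGI requests. `TRUSTED_PROXIES`, `TrustedProxyRemoteUserMiddleware` and `probe` are hypothetical names, and the proxy address is an assumption.

```python
from wsgiref.util import setup_testing_defaults

# Assumption: the only peer allowed to assert an identity is a local reverse proxy.
TRUSTED_PROXIES = frozenset({"127.0.0.1"})


class TrustedProxyRemoteUserMiddleware:
    """Set REMOTE_USER from the User header only for trusted peers."""

    def __init__(self, app, trusted_proxies=TRUSTED_PROXIES):
        self.app = app
        self.trusted_proxies = frozenset(trusted_proxies)

    def __call__(self, environ, start_response):
        # Never inherit an identity that was set before this middleware ran.
        environ.pop("REMOTE_USER", None)
        # Remove the header so later layers cannot re-read it.
        user = environ.pop("HTTP_USER", "").strip()
        if user and environ.get("REMOTE_ADDR") in self.trusted_proxies:
            environ["REMOTE_USER"] = user
        return self.app(environ, start_response)


def probe(remote_addr, header_user=None, preset_remote_user=None):
    """Send one constructed request through the middleware and return the
    REMOTE_USER value the wrapped application sees (None if unset)."""
    seen = {}

    def app(environ, start_response):
        seen["user"] = environ.get("REMOTE_USER")
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    environ = {}
    setup_testing_defaults(environ)  # fills in the mandatory WSGI keys
    environ["REMOTE_ADDR"] = remote_addr
    if header_user is not None:
        environ["HTTP_USER"] = header_user
    if preset_remote_user is not None:
        environ["REMOTE_USER"] = preset_remote_user
    TrustedProxyRemoteUserMiddleware(app)(environ, lambda status, headers: None)
    return seen["user"]


if __name__ == "__main__":
    print(probe("127.0.0.1", "alice"))    # header relayed by the proxy
    print(probe("203.0.113.7", "admin"))  # header sent by a direct client
```

The reverse proxy itself must overwrite any `User` header supplied by the client, since this check only establishes which peer delivered the request.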