GitHub user sfirke added a comment to the discussion: Public role is too strong 
by default

This is a good catch - I agree that Gamma permissions are too powerful for most 
people who want a Public viewer role.

The set of permissions I've given to people is:

> can read on CssTemplate, can read on Chart, can read on Annotation, can read 
> on Dashboard, can get on OpenApi, can write on DashboardFilterStateRestApi, 
> can read on DashboardFilterStateRestApi, can write on 
> DashboardPermalinkRestApi, can read on DashboardPermalinkRestApi, can write 
> on ExploreFormDataRestApi, can read on ExploreFormDataRestApi, can write on 
> ExplorePermalinkRestApi, can read on ExplorePermalinkRestApi, can list on 
> FilterSets, can time range on Api, can query on Api, can query form data on 
> Api, can filter on Superset, can slice json on Superset, can explore json on 
> Superset, can validate sql json on Superset, can favstar on Superset, can 
> dashboard permalink on Superset, can sql json on Superset, can queries on 
> Superset, can csv on Superset, can dashboard on Superset, can slice on 
> Superset, can annotation json on Superset, can share dashboard on Superset, 
> can read on AdvancedDataType

I shared that list with someone on Slack and they said that they also had to 
add these: `menu access on dashboards, can recent activity on logs, can 
userinfo on UserDBModelView`

I would be interested in blending it with yours to get the narrowest set 
possible, then recommending that to people -- or simply adding it as a default 
role in Superset.

It's been a couple of years since I refined this list.  I see a couple of mine 
that I think are clearly missing from yours, e.g., getting CSS templates and 
annotations.  Are there any on my list that seem problematic to you in 
terms of giving the user too much power?

GitHub link: 
https://github.com/apache/superset/discussions/33125#discussioncomment-12832658
