chandug1991 commented on issue #33698: URL: https://github.com/apache/superset/issues/33698#issuecomment-2945368451
Thanks for the detailed explanation. However, I’ve already tested the behavior with DASHBOARD_RBAC = False, and I still face the same issue: Users without access to certain datasets are still seeing charts tied to those datasets on the embedded dashboard. Even with DASHBOARD_RBAC disabled, Superset either: Renders both charts with no data restriction, or Shows the chart frame with an "Access denied" overlay (instead of hiding it completely), which still exposes chart metadata and layout to the user. This behavior makes it difficult to enforce fine-grained visibility in embedded dashboards. Ideally: Users should only see charts they are authorized to view, based on dataset access or RLS policies. Unauthorized charts should be hidden from the dashboard altogether—not just return an error message. I’ve reviewed the related GitHub issues you mentioned, but currently there seems to be no reliable way to enforce per-chart or per-dataset permissions within a shared dashboard, especially in embedded mode. Please confirm if this is a known limitation or any alternatives?, and whether any roadmap changes are planned to address it. Thanks again. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
