dosubot[bot] commented on issue #33698: URL: https://github.com/apache/superset/issues/33698#issuecomment-2945670996
<!-- Answer --> Strict dataset-level permissions in embedded dashboards—where unauthorized charts are hidden entirely—aren't currently supported out of the box in Superset. The platform's embedded mode and guest token model are designed so that all charts on a dashboard are visible, and dataset-level restrictions only result in "Access Denied" overlays, not chart removal. This is a known limitation and has been discussed as a security concern in the community ([source](https://github.com/apache/superset/issues/26201)). There are no official API or configuration options to enforce this kind of fine-grained chart visibility. Row-Level Security (RLS) can restrict data within charts, but it can't prevent the chart frame or metadata from being rendered ([source](https://github.com/apache/superset/issues/32869)). Some users have tried workarounds like using RLS clauses to force errors on unauthorized charts, but this only results in error overlays, not hiding the chart ([source](https://github.com/apache/superset/issues/26201)). The only way to fully hide unauthorized charts right now is to implement custom logic in your embedding React app: detect which charts failed to load due to access errors and programmatically remove or hide those chart components. This isn't robust, but it's the only practical workaround until Superset implements explicit viewer permissions for dashboards and charts—a feature proposed in SIP-126 but not yet available ([source](https://github.com/apache/superset/issues/32116)). If you need strict per-chart visibility, you'll need to handle it on the frontend for now. Keep an eye on SIP-126 and related roadmap items for future improvements. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/259196b8-78c2-4079-9557-87230be8b317?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/259196b8-78c2-4079-9557-87230be8b317?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/259196b8-78c2-4079-9557-87230be8b317?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/259196b8-78c2-4079-9557-87230be8b317?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/259196b8-78c2-4079-9557-87230be8b317?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/259196b8-78c2-4079-9557-87230be8b317?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/259196b8-78c2-4079-9557-87230be8b317?feedback_type=other)</sup> [](https://go.dosu.dev/discord-bot) [! [Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/issues/33698) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
