GitHub user hadianow closed a discussion: How to Restrict access to Superset Dashboards/Charts with proper authentication

- I am using Superset dashboards in my application, and this is how the authentication works in my application for fetching charts and dashboards: https://www.npmjs.com/package/@superset-ui/embedded-sdk#creating-a-guest-token
- The **Public** role in the Superset Roles list has numerous Permissions associated with it
- As a result, unauthenticated users can access APIs (for example: api/v1/chart/related/owners), which is a huge security issue
- I tried revoking the permissions associated with the Public role. But that stopped the access to dashboards for even the authenticated users (refer to aforementioned link)
- How can I restrict access to just authenticated users?
- From my `superset_config.py` file: `PUBLIC_ROLE_LIKE = "Guest_public"`
- PS: Despite removing all permissions related to the role `Guest_public`, unauthenticated users still have access to all the dashboards and charts
- `GUEST_ROLE_NAME` is not explicitly set anywhere in the `superset_config.py` file

GitHub link: https://github.com/apache/superset/discussions/33674
