superset: Cannot enable anonymous users to view dashboards

I have a dashboard that I want to share publicly. I followed the related steps from the documentation, also linked in https://github.com/apache/incubator-superset/issues/4102: https://superset.incubator.apache.org/security.html#public

Specifically, what I did was:

  1. Set PUBLIC_ROLE_LIKE_GAMMA = True in superset_config.py
  2. Added datasource access permissions to the Public role, for the datasource from where data in the dashboard is retrieved

Expected results

Anonymous (i.e., not logged in) users shall be able to see the dashboard by opening its URL in a web browser.

Actual results

Anonymous (i.e., not logged in) users are not able to see the dashboard by opening its URL in a web browser: they are redirected to the login page showing an Access Denied error.

I also tried to add some more permissions to the Public user (see screenshots) and managed to display the dashboard, but not the charts in it. However I don’t think it’s the right way to do it, it should work as documented.

Screenshots

Access denied error: image

Permissions that I tried to add to Public, together with the datasource access: image

What I saw after adding such permissions: Screenshot 2019-06-24 at 11 21 06 1

Environment

  • superset version: built from master

Checklist

Make sure these boxes are checked before submitting your issue - thank you!

  • I have checked the superset logs for python stacktraces and included it here as text if there are any.
  • I have reproduced the issue with at least the latest released version of superset.
  • I have checked the issue tracker for the same issue and I haven’t found one similar.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 23 (8 by maintainers)

Most upvoted comments

I followed the instruction in the link mentioned above (https://superset.apache.org/security.html#public) and now the public role is filled with the same permission as the Gamma one plus all the datasource. But still, the system return “Access is Denied”!

+4
trepmag on Apr 17, 2020

I’m using this config-set for Public access

[can dashboard on Superset, can explorev2 on Superset, can explore json on Superset, can csrf token on Superset, can csv on Superset, menu access on Dashboards, all datasource access on all_datasource_access, all database access on all_database_access, can list on DashboardModelViewAsync, can list on DashboardModelView]

You just need to replace all_database_access and all_datasource_access for the public datasource and database.

+4
LeonanCarvalho on Aug 22, 2019

What worked for me in the end, was to move to the latest release, 1.3 (I guess), running

superset update db
superset init

and the permissions got fixed.

I believe you mean “superset db upgrade” (not “superset update db”).

+2
akelai on Sep 1, 2021

It didn’t break mine. But maybe someone from the project could provide a more realistic assessment of the risks involved.

+2
fccoelho on Aug 26, 2021

What worked for me in the end, was to move to the latest release, 1.3 (I guess), running

superset update db
superset init

and the permissions got fixed.

+2
fccoelho on Aug 26, 2021

Issue-Label Bot is automatically applying the label #bug to this issue, with a confidence of 0.63. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

+2
issue-label-bot[bot] on Jun 24, 2019

In my case (v2.0 + k8s deployment from superset helm), rerun

Add PUBLIC_ROLE_LIKE = "Gamma" to superset_config.py and rerun in superset pod superset init works for me.

+1
jinyangzhen on Oct 26, 2022

What worked for me in the end, was to move to the latest release, 1.3 (I guess), running

superset update db
superset init

and the permissions got fixed.

I believe you mean “superset db upgrade” (not “superset update db”).

Yes. sorry for the confusion.

+1
fccoelho on Sep 1, 2021

@Porthos81 @Green-Angry-Bird I re-runned superset-init as mentioned by @ecamellini and finally the related dashboard/charrt were accessible…

+1
trepmag on Jun 2, 2020

To follow up on this, I was able to get this working.

I had to enable a bunch of permission on Public role, specifically: [all datasource access on all_datasource_access, all database access on all_database_access, can explore json on Superset, can explore on Superset, can csrf token on Superset, can dashboard on Superset, can explorev2 on Superset, can fave dashboards on Superset, can fave dashboards by username on Superset, can favstar on Superset, can fave slices on Superset, can show on CssTemplateModelView, can download on CssTemplateModelView, can delete on CssTemplateModelView, can list on CssTemplateModelView, can add on CssTemplateModelView, can edit on CssTemplateModelView, muldelete on CssTemplateModelView, can show on CssTemplateAsyncModelView, can download on CssTemplateAsyncModelView, can delete on CssTemplateAsyncModelView, can list on CssTemplateAsyncModelView, can add on CssTemplateAsyncModelView, can edit on CssTemplateAsyncModelView, muldelete on CssTemplateAsyncModelView, menu access on CSS Templates]

This is a variation on https://github.com/apache/incubator-superset/issues/7763#issuecomment-523949896 but I also fixed the errors that get reported on missing Favourites and missing CSS.

+1
Green-Angry-Bird on May 29, 2020

@trepmag Did you solve this issue??? I have the very same problem and I don’t know how to fix it…

+1
Porthos81 on May 21, 2020
Read more comments on GitHub
← superset: cannot delete user "Associated data exists, please delete them first"
superset: can't connect clickhouse db using superset occur ERROR: Could not load database driver: clickhouse →