dosubot[bot] commented on issue #32279:
URL: https://github.com/apache/superset/issues/32279#issuecomment-2661812192
<!-- Answer -->
The issue of a user's role resetting to Gamma after logging out when using
SSO with Superset and Keycloak is likely due to the default role assignment
settings in Superset. When a user logs in via SSO, their role is determined by
the `AUTH_USER_REGISTRATION_ROLE` setting or the `AUTH_ROLES_MAPPING` if
group-to-role mapping is configured.
To fix this bug and correctly promote a user to the Admin role, you should
ensure that the `AUTH_ROLES_MAPPING` is correctly set up to map the appropriate
OAuth groups to the desired Superset roles. Here is how you can configure it:
1. **Set up Role Mapping:**
Ensure that your `superset_config.py` includes the correct mapping of
OAuth groups to Superset roles. For example:
```python
AUTH_ROLES_MAPPING = {
"superset_users": ["Gamma", "Alpha"],
"superset_admins": ["Admin"],
}
```
This configuration maps the OAuth group `superset_admins` to the Superset
role `Admin`.
2. **Enable Role Syncing:**
To ensure that roles are synced at each login, set
`AUTH_ROLES_SYNC_AT_LOGIN` to `True`:
```python
AUTH_ROLES_SYNC_AT_LOGIN = True
```
3. **Check User Registration Role:**
Ensure that the `AUTH_USER_REGISTRATION_ROLE` is set to a role that makes
sense for new users who do not belong to any mapped group:
```python
AUTH_USER_REGISTRATION_ROLE = "Public"
```
By configuring these settings, you can ensure that users are assigned the
correct roles based on their OAuth group membership, and that these roles are
maintained across sessions
<sup>[[1]](https://github.com/apache/superset/blob/master/docs/docs/configuration/configuring-superset.mdx)</sup>.
<!-- Dosu Comment Footer -->
*To continue talking to [Dosu](https://dosu.dev), mention @dosu.*
---
<sup>Help Dosu learn! Give it feedback: [Great
Response](https://app.dosu.dev/response-feedback/14f6d20f-1a5f-4326-9301-9c3576c9b935?feedback_type=great_response)
| [Irrelevant
Answer](https://app.dosu.dev/response-feedback/14f6d20f-1a5f-4326-9301-9c3576c9b935?feedback_type=irrelevant_answer)
| [Incorrect
Sources](https://app.dosu.dev/response-feedback/14f6d20f-1a5f-4326-9301-9c3576c9b935?feedback_type=incorrect_sources)
| [Too
Verbose](https://app.dosu.dev/response-feedback/14f6d20f-1a5f-4326-9301-9c3576c9b935?feedback_type=too_verbose)
|
[Hallucination](https://app.dosu.dev/response-feedback/14f6d20f-1a5f-4326-9301-9c3576c9b935?feedback_type=hallucination)
| [Bug
Report](https://app.dosu.dev/response-feedback/14f6d20f-1a5f-4326-9301-9c3576c9b935?feedback_type=bug_report)
|
[Other](https://app.dosu.dev/response-feedback/14f6d20f-1a5f-4326-9301-9c3576c9b935?feedback_type=other)</sup>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
