dosubot[bot] commented on issue #33698: URL: https://github.com/apache/superset/issues/33698#issuecomment-2945378238
This is a known limitation in Superset's current permissions model for embedded dashboards. Even with `DASHBOARD_RBAC` disabled, embedded dashboards and guest tokens are designed to grant access to all charts on the dashboard, so dataset-level restrictions aren't enforced as you expect—unauthorized charts will either show an "Access denied" overlay or expose chart metadata, but won't be hidden entirely. There isn't a built-in way to enforce per-chart or per-dataset visibility in embedded mode right now, and no reliable workaround exists for hiding unauthorized charts completely in this context [[source](https://github.com/apache/superset/issues/26201)].

There is an active proposal (SIP-126) to introduce explicit viewer permissions for dashboards and charts, which would allow for more granular access control and could address this limitation in the future. This would involve adding a Viewer property to dashboards and charts and removing the current implicit access model, but it hasn't been implemented yet [[source](https://github.com/apache/superset/issues/32116)].

For now, the only partial options are to carefully design roles and dashboard sharing, or use custom frontend logic to hide chart frames based on access errors, but these are not robust solutions.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
