[dashboard] [native-filter] Unable to view Dashboard Native Filter's UI/Sidepanel with non-admin & non-owners users

[usamaB]

A clear and concise description of what the bug is.

How to reproduce the bug

• Enable Dashboard native filter
• Create/publish a dashboard.
• Dashboard native filters are only accessible by the owner of the dashboard or the admin, other users can't access it

Expected results

Actual results

Environment

(please complete the following information):

• browser type and version: Google Chrome
• superset version: superset version 1.3.1/1.4.0
• python version: python --version 3.7
• any feature flags active: DASHBOARD_NATIVE_FILTERS, DASHBOARD_CROSS_FILTERS

Checklist

Make sure to follow these steps before submitting your issue - thank you!

• [x] I have checked the superset logs for python stacktraces and included it here as text if there are any.
• [x] I have reproduced the issue with at least the latest released version of superset.
• [x] I have checked the issue tracker for the same issue and I haven't found one similar.

[usamaB]

@geido can you explain what does need validation label means?

[geido]

Hello @usamaB it simply means that a committer should verify whether the issue can be reproduced.

[usamaB]

@geido How can I do that? It's just enabling the filter and it's not working for non-owners/Admins.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue .pinned to prevent stale bot from closing the issue.

[isabellalacerda]

Did you find any solutions? I have the same problem when I try to make a public dashboard

[byk0t]

Hi, @isabellalacerda and @usamaB , I have fixed the issue by adding can_read on DashboardFilterStateRestApi and can_write on DashboardFilterStateRestApi permissions for the Public role

[sfirke]

@byk0t thank you! I was stuck and those permissions fixed it. I wish there was a list of which privileges are needed for public role to view dashboards (including those with native filters).

[byk0t]

@sfirke Actually I have such list. You can check it out here https://gist.github.com/byk0t/bd6e9c3839967b4ac28a8da30f468b2a

[alanorth]

@sfirke Actually I have such list. You can check it out here https://gist.github.com/byk0t/bd6e9c3839967b4ac28a8da30f468b2a

@byk0t Thanks. So we need these permissions in addition to the ones from Gamma? On a related note, I don't want public users to be able to export CSVs or run SQL, so I have to manually remove those every time I sync from Gamma using superset init...

[byk0t]

@sfirke Actually I have such list. You can check it out here https://gist.github.com/byk0t/bd6e9c3839967b4ac28a8da30f468b2a

@byk0t Thanks. So we need these permissions in addition to the ones from Gamma? On a related note, I don't want public users to be able to export CSVs or run SQL, so I have to manually remove those every time I sync from Gamma using superset init...

@alanorth you don't need to sync with Gamma at all. You can remove this line PUBLIC_ROLE_LIKE = "Gamma".

[alanorth]

@byk0t neither Gamma nor the permissions in your superset-public-permissions.json example were enough to let public/anonymous users view dashboards in my case (Superset 1.5.1). So what I did was sync with Gamma, then import yours, then manually remove all the permissions I didn't want anonymous to have (menu access, SQL Lab, Explore, CSV export, Swagger / OpenAPI, etc). I wish this was a bit more well documented...

[byk0t]

@byk0t neither Gamma nor the permissions in your superset-public-permissions.json example were enough to let public/anonymous users view dashboards in my case (Superset 1.5.1). So what I did was sync with Gamma, then import yours, then manually remove all the permissions I didn't want anonymous to have (menu access, SQL Lab, Explore, CSV export, Swagger / OpenAPI, etc). I wish this was a bit more well documented...

@alanorth In my case Public user was able to see dashboards (for the latest version and for 1.5.0). And I didn't sync with Gamma. Make sure you setup the permissions correctly.

[swordrada]

@byk0t hi I have an opposite requirement that I don't want to display filter state navigation bar of a dashboard when visited by users not logged in.But when I cancel two permissions you mentioned above, superset will redirect to login page automatically.So how can I make this filter state navigation bar invisible when visited by anonymous users?

[rusackas]

I'm guessing since everyone has a handle on the required permission, and can freely change that, it's safe to close this issue since it's been silent for a year and a half. If people are still encountering this in current versions (3.x) please open a new Issue with updated context or a PR/proposal to address the problem. Thanks!