Anonymous users can access the dashboards and data (including datasets and databases); however, clicking a chart throws an unexpected error like this:
Version: 1.5.0
SHA: 24cf33ee
my superset_config.py:
from flask_appbuilder.security.manager import AUTH_LDAP
from celery.schedules import crontab
from superset.typing import CacheConfig
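# Metadata database URI. It normally embeds the database credentials, so keep
# this file out of version control or read the value from the environment.
SQLALCHEMY_DATABASE_URI = 'xxxx'
APP_NAME = "xxxx"
# ----------------------------------------------------
# AUTHENTICATION CONFIG
# ----------------------------------------------------
# The authentication type
# AUTH_OID : Is for OpenID
# AUTH_DB : Is for database (username/password)
# AUTH_LDAP : Is for LDAP
# AUTH_REMOTE_USER : Is for using REMOTE_USER from web server
AUTH_TYPE = AUTH_LDAP
# Name of the full admin role
AUTH_ROLE_ADMIN = 'Admin'
# Name of the role applied to requests that carry no login at all.
AUTH_ROLE_PUBLIC = 'Public'
# Create a local account automatically the first time an LDAP user logs in.
AUTH_USER_REGISTRATION = True
# Role given to those auto-created accounts. It is the same role anonymous
# visitors get, so whatever Public can do, every LDAP user can do as well.
AUTH_USER_REGISTRATION_ROLE = "Public"
# Copies the Gamma role's permissions onto Public. Since Public is also
# AUTH_ROLE_PUBLIC, unauthenticated visitors end up with Gamma-level access to
# dashboards, charts and data menus -- the anonymous access this page
# describes. Leave this unset to keep Public empty, and grant individual
# permissions to Public explicitly if some anonymous access is intended.
PUBLIC_ROLE_LIKE = "Gamma"
# When using LDAP Auth, setup the LDAP server
# AUTH_LDAP_SERVER = "ldap://ldapserver.new"
# NOTE(review): the real value is redacted here. A plain ldap:// URI sends the
# bind password and user credentials unencrypted; prefer ldaps:// or set
# AUTH_LDAP_USE_TLS. The redacted value starts with a space -- make sure the
# real URI does not.
AUTH_LDAP_SERVER = " xxxx"
AUTH_LDAP_SEARCH = "xxxx"
AUTH_LDAP_UID_FIELD = "sn"
# Fixed key name: the listing spelled this AUTH_LDAP_LASTTNAME_FIELD, which
# Flask-AppBuilder does not read, so the setting was silently ignored.
AUTH_LDAP_LASTNAME_FIELD = "cn"
AUTH_LDAP_BIND_USER = "xxxx"
# Service-account secret: load it from the environment or a secret store
# rather than committing it with this file.
AUTH_LDAP_BIND_PASSWORD = "xxxx"
# FEATURE_FLAGS: Dict[str, bool] = {}
FEATURE_FLAGS = {
    "ALERT_REPORTS": True,
    # This could cause the server to run out of memory or compute.
    "ALLOW_FULL_CSV_EXPORT": True,
}
# ---------------------------------------------------
# Thumbnail config (behind feature flag)
# Also used by Alerts & Reports
# ---------------------------------------------------
# Account the headless browser logs in as when rendering thumbnails and
# report screenshots. Recipients see what this account can see, so give it
# only the access the reports need.
THUMBNAIL_SELENIUM_USER = "xxxx"
# Default cache for Superset objects
CACHE_CONFIG: CacheConfig = {"CACHE_TYPE": "simple"}
# Cache for datasource metadata and query results
DATA_CACHE_CONFIG: CacheConfig = {"CACHE_TYPE": "simple"}
# CSV Options: key/value pairs that will be passed as argument to DataFrame.to_csv
# method.
# note: index option should not be overridden
CSV_EXPORT = {"encoding": "utf-8"}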
# Default celery config is to use SQLA as a broker, in a production setting
# you'll want to use a proper broker as specified here:
# http://docs.celeryproject.org/en/latest/getting-started/brokers/index.html
class CeleryConfig:  # pylint: disable=too-few-public-methods
    # Celery worker / beat settings for SQL Lab queries and scheduled reports.
    #
    # NOTE(review): Superset reads its Celery settings from the CELERY_CONFIG
    # key. No `CELERY_CONFIG = CeleryConfig` assignment is visible in this
    # listing -- confirm it exists, otherwise this class is not picked up.

    # Broker and result-backend URIs usually embed credentials; treat them as
    # secrets.
    # BROKER_URL = "sqla+sqlite:///celerydb.sqlite"
    BROKER_URL = 'xxxx'
    CELERY_IMPORTS = ("superset.sql_lab", "superset.tasks")
    # CELERY_RESULT_BACKEND = "db+sqlite:///celery_results.sqlite"
    CELERY_RESULT_BACKEND = 'xxxx'

    # DEBUG worker logs are verbose and may contain query text; presumably a
    # troubleshooting setting -- consider INFO once the issue is resolved.
    CELERYD_LOG_LEVEL = "DEBUG"
    CELERYD_PREFETCH_MULTIPLIER = 10
    CELERY_ACKS_LATE = True

    # Per-task limits: throttle SQL Lab result fetching and cap e-mail report
    # sends at one per second with a 300 s (soft and hard) time limit.
    CELERY_ANNOTATIONS = {
        "sql_lab.get_sql_results": {"rate_limit": "100/s"},
        "email_reports.send": {
            "rate_limit": "1/s",
            "time_limit": 300,
            "soft_time_limit": 300,
            "ignore_result": True,
        },
    }

    # Beat schedule: hourly e-mail reports at minute 1, the reports scheduler
    # every minute, and report-log pruning daily at 00:00.
    CELERYBEAT_SCHEDULE = {
        "email_reports.schedule_hourly": {
            "task": "email_reports.schedule_hourly",
            "schedule": crontab(minute=1, hour="*"),
        },
        "reports.scheduler": {
            "task": "reports.scheduler",
            "schedule": crontab(minute="*", hour="*"),
        },
        "reports.prune_log": {
            "task": "reports.prune_log",
            "schedule": crontab(minute=0, hour=0),
        },
    }
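# smtp server configuration
# True means mail is really sent. The "all the emails are sent using dryrun"
# remark in the stock config describes the False default, not this value.
EMAIL_NOTIFICATIONS = True
SMTP_HOST = "xxxx"
# Port 465 is implicit TLS, which SMTP_SSL already provides. With SMTP_SSL on,
# Superset opens an SSL connection and then still issues STARTTLS if this flag
# is set; servers on 465 typically do not offer STARTTLS, so sending fails.
# The listing had both flags True; the connection stays encrypted either way.
SMTP_STARTTLS = False
SMTP_SSL = True
SMTP_USER = "xxxx"
SMTP_PORT = 465
# Mail account secret: load it from the environment or a secret store rather
# than committing it with this file.
SMTP_PASSWORD = "xxxx"
SMTP_MAIL_FROM = "xxxx"
ENABLE_CHUNK_ENCODING = True
# Enable / disable scheduled email reports
#
# Warning: This config key is deprecated and will be removed in version 2.0.0
ENABLE_SCHEDULED_EMAIL_REPORTS = True
# A custom prefix to use on all Alerts & Reports emails
EMAIL_REPORTS_SUBJECT_PREFIX = "xxxx"
# The base URL to query for accessing the user interface
WEBDRIVER_BASEURL = "xxxx"
# The base URL for the email report hyperlinks.
WEBDRIVER_BASEURL_USER_FRIENDLY = "xxxx"
# None disables CSRF-token expiry: a token stays valid for the whole session,
# so a leaked token is usable for as long as the session lives. Prefer a
# finite limit (in seconds) unless long-lived forms really require this.
WTF_CSRF_TIME_LIMIT = None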
update
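By removing "menu access of dashboards", "menu access of charts", and "menu access of data" from the Public role, anonymous users can no longer access these components. Note that menu-access permissions govern which menu entries are shown; whether the underlying views and APIs are still reachable by direct URL depends on the other permissions the Public role kept (here inherited from Gamma via PUBLIC_ROLE_LIKE), so those should be reviewed as well.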
Screenshot
Description
Anonymous users can access the dashboards and data (including datasets and databases); however, clicking a chart throws an unexpected error like this:
Version: 1.5.0 SHA: 24cf33ee
my superset_config.py: