Lack of permissions for gamma users

apache / superset

Apache Superset is a Data Visualization and Data Exploration Platform

Apache License 2.0

62.91k stars 13.91k forks source link

Bug description

I Just upgrade from superset 2.0.3 to 4.0.2 and it look wonderful, however I found something strange, my users who work with Gamma, sqllab and access to a specific psql base can't execute querys with psql functions like MAX, SUM, LPAD and quotes, but as an administrator I can run them, so I think that in the update they took away some privilege from Gamma that I would like to add so that they can continue working the same way as always.

Screenshots/recordings

With apache superset 2.1.3 run well:

2-1-3

But the same query with apache superset 4.0.2 this happends:

4-0-2

If I remove the quotes the query runs, but my users doesn't want to rewrite all his work

4-0-2-2

Superset version

4.1.0

Python version

3.9

Node version

Browser

Chrome

Additional context

I would like to test in superset 4.1.0 but unfortunately I work in a kubernetes cluster so I dependent of the docker images.

Checklist

[X] I have searched Superset docs and Slack and didn't find a solution to my problem.
[X] I have searched the GitHub issue tracker and didn't find a similar bug report.
[X] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

Hello @antonio-tg 👋! I'm here to help you with any bugs, questions, or contributions you may have regarding Superset. Let's work together to resolve this issue!

In Superset 4.0.2, there was a change that added the ability to disallow SQL functions per engine, which might be affecting the Gamma role's ability to execute certain SQL functions like MAX, SUM, LPAD, and others ^[1]. This change could be the reason why your Gamma users are experiencing issues with executing queries that include these functions.

To address this, you may need to adjust the SQL function execution permissions for the Gamma role. Unfortunately, I don't have specific instructions on how to configure these permissions directly. However, you might want to look into the Superset configuration settings related to SQL function execution permissions per engine, as this is where the change was introduced.

If you have access to the Superset configuration files, you could check for any settings related to SQL function permissions and adjust them accordingly. Alternatively, you might consider creating a custom role with the necessary permissions if modifying the existing Gamma role does not resolve the issue.

To continue talking to Dosu, mention @dosu.

apache / superset