A Gamma user isn't allowed to delete a dashboard. However, they can still go through the entire Delete process — only for the actual deletion to fail when trying to delete the dashboard for real.
How to reproduce the bug
- Log as a Gamma user,
- Go to
/dashboard/list/or click on the Dashboards menu - Try do delete a single dashboard:
- Click on a given dashboard's tile burger menu (the
⋮button), - Click on “Delete” in the dropdown menu,
- Confirm deletion,
- … fortunately, an error arise and the deletion doesn't actually happen.
- Try to delete multiple dashboards at once:
- Click on the “Bulk Select” button,
- Select one or multiple dashboard,
- Click on the “Delete” button,
- Confirm deletion,
- … fortunately, an error arise and the deletion doesn't actually happen.
Expected results
- Log as a Gamma user,
- Go to
/dashboard/list/or click on the Dashboards menu - Try do delete a single dashboard:
- Click on a given dashboard's tile burger menu (the
⋮button), - there should be no “Delete” option in the dropdown menu.
- Try to delete multiple dashboards at once:
- Click on the “Bulk Select” button,
- Select one or multiple dashboard,
- there should not be a “Delete” button.
Actual results
Cf. § How to reproduce the bug
Environment
(please complete the following information):
- browser type and version: not relevant
- superset version:
1.4.1 - python version:
3.7 - any feature flags active: not relevant?
FEATURE_FLAGS ={
"ALERT_REPORTS": True,
"DASHBOARD_NATIVE_FILTERS": True,
"DASHBOARD_RBAC": True,
"DYNAMIC_PLUGINS": False,
"LISTVIEWS_DEFAULT_CARD_VIEW": True,
"ROW_LEVEL_SECURITY": True,
"THUMBNAILS_SQLA_LISTENERS": True,
"THUMBNAILS": True,
"VERSIONED_EXPORT": True,
"ENABLE_TEMPLATE_PROCESSING": True,
}
Checklist
Make sure to follow these steps before submitting your issue - thank you!
- [ ] I have checked the superset logs for python stacktraces and included it here as text if there are any.
- [x] I have reproduced the issue with at least the latest released version of superset.
- [x] I have checked the issue tracker for the same issue and I haven't found one similar.
Comment From: stale[bot]
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue .pinned to prevent stale bot from closing the issue.
Comment From: rusackas
Has anyone validated if this is still an issue in Superset 2.0.x?
Comment From: rusackas
Closing this as stale since it's been silent for so long, and we're trying to steer toward a more actionable Issues backlog. If people are still encountering this in current versions (currently 3.x) please re-open this issue, open a new Issue with updated context, or raise a PR to address the problem. Thanks!
Comment From: qleroy
I can validate this issue as of 3.1.0 @rusackas
Actually there are several issues with the Gamma role that are worth mentioning, the documentation hints that GAMMA is for read-only usage, (with the capacity to create dashboards/charts nonetheless), but I've found several issues that led me to only use dashboard_rbac to achieve a true read-only mode. These issues include: - somewhat descriptive error when trying to delete dashboard / chart - ability to see the list of users - ability to access the schema of forbidden datasets - ability to access the page to edit a chart
For what it's worth I have this screen recording demoing these issues
https://youtu.be/tKU4XXQP-ps
Comment From: rusackas
Ok... thanks for the context! I'll re-open this, then. It might be nice to get granular (more easily actionable) Issues to address these things. I'm not sure if PRs here would be considered breaking changes to some users. If so, this would be worth itemizing for consensus gathering on the Superset 5.0 project board. Any interest in that effort?
Comment From: rusackas
How about now, in 4.x, @qleroy? :)
Comment From: rusackas
Tempted to close this as stale... but I already did that once ;) I'm assuming this is still the case in 4.1.1 or newer? It sounds more like an annoyance than a danger, so it doesn't seem to get prioritized. We're open to contributions here if anyone is interested.
Comment From: qleroy
Still occuring in 4.x, 5.0.0rc, Indeed, this raises a caught error, not a danger
Comment From: rusackas
Still hoping the linked PR can be brought to a mergeable state so we can close this one out. Thanks in advance, @fnardin-maystreet