How to programmatically create and assign a Superset custom role
Is your feature request related to a problem? Please describe.
Currently no docs exist for creating a role programmatically - only via the UI. Also, no docs exist for programmatically customizing what happens after a database connection is created by a user in the UI.
Describe the solution you'd like
Some docs similar to what follows should be added and embellished upon.
INTRODUCTION and OVERVIEW
We have, via the UI, created a “Gamma_modified” role. A user with this role can create database connections. And currently, they can then be manually granted access to their created database connection.
It is our aim to
- create the Gamma_modified role programmatically one time, when first building Superset.
- bind the Gamma_modified role to AUTH_USER_REGISTRATION_ROLE in our superset_config.py so that it is the default role of new users. It is a misfeature of Superset that one cannot simply list two roles for the default user registration role - https://github.com/apache/incubator-superset/issues/8861
- automatically grant access to a newly created database connection by the creator of the connection.
Creating a Gamma_modified Role Programmatically
The docs show how to create a role via the UI, but our delivery pipeline demands automatic creation of a role which contains the following properties beyond the standard Gamma role:
['can add', 'DatabaseAsync']
['can delete', 'DatabaseAsync']
['can download', 'DatabaseAsync']
['can edit', 'DatabaseAsync']
['muldelete', 'DatabaseAsync']
['yaml export', 'DatabaseAsync']
['can add', 'DatabaseView']
['can delete', 'DatabaseView']
['can download', 'DatabaseView']
['can edit', 'DatabaseView']
['muldelete', 'DatabaseView']
['yaml export', 'DatabaseView']
['can add', 'SqlMetricInlineView']
['can delete', 'SqlMetricInlineView']
['can download', 'SqlMetricInlineView']
['can edit', 'SqlMetricInlineView']
['can add', 'TableColumnInlineView']
['can delete', 'TableColumnInlineView']
['can download', 'TableColumnInlineView']
['can edit', 'TableColumnInlineView']
['can add', 'TableModelView']
['can delete', 'TableModelView']
['can download', 'TableModelView']
['can edit', 'TableModelView']
['muldelete', 'TableModelView']
['refresh', 'TableModelView']
['yaml export', 'TableModelView']
bind AUTH_USER_REGISTRATION_ROLE to a custom role
It is presumed that any defined role can be chosen in our superset_config.py just by providing its value to AUTH_USER_REGISTRATION_ROLE.
Automatically granting the creator of a role access to it.
Presumably a SQLAlchemy post-commit hook can be added to some class to automatically grant access to the creator of a database connection.
Discussion, Reflection, and Implementation
Creating a Gamma_modified Role Programmatically
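The following code creates and saves a Gamma_modified role:

```python
from superset import app, appbuilder, db, examples, security_manager

import gamma_extra  # local module; perm_views holds the (permission, view) pairs listed above

sm = security_manager
sm.sync_role_definitions()

gamma_modified_role = sm.add_role("gamma_modified")

# Add the extra permissions that go beyond the standard Gamma role.
for perm, view in gamma_extra.perm_views:
    # find_permission_view_menu returns None when the pair does not exist.
    pv = sm.find_permission_view_menu(perm, view)
    sm.add_permission_role(gamma_modified_role, pv)

# Copy every permission of the built-in Gamma and sql_lab roles.
for role in ["Gamma", "sql_lab"]:
    for perm in sm.find_role(role).permissions:
        sm.add_permission_role(gamma_modified_role, perm)

sm.get_session.commit()
```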
(Automatically) granting the creator of a role access to it.
The following code assigns database_access to the creator of a database:

```python
from superset import app, appbuilder, db, examples, security_manager
from superset.models import core as models

sm = security_manager


def self_permit(u, database):
    # Parameter renamed from "db" so it no longer shadows the imported superset.db.
    pv = sm.add_permission_view_menu("database_access", database.perm)
    role_name = f"(SP) database_access on {database.perm}"
    role = sm.add_role(role_name)
    sm.add_permission_role(role, pv)
    u.roles.append(role)
    sm.get_session.commit()


for database in db.session.query(models.Database):
    print(database)
    # print(database.creator)
    c = database.created_by
    print(type(c))  # <class 'flask_appbuilder.security.sqla.models.User'>
    try:
        print(c.id)
        p = database.perm
        print(type(p))
        print(p)
        u = sm.find_user('user3')  # hard-coded user, as in the original snippet
        self_permit(u, database)
    except Exception as exc:
        # Report the failure instead of silently swallowing it.
        print(f"skipping {database}: {exc}")
```
Questions
Is there a post-commit hook that can run after a user creates a database connection that I can add this code to so that right after a user creates a connection, they receive database_access to it?
Issue Analytics
- State:
- Created 4 years ago
- Reactions:12
- Comments:5 (1 by maintainers)
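The issue asks for a hook that runs when a database connection is created. The following is an added example, not code from the issue or from Superset: it uses SQLAlchemy's mapper-level after_insert event to give the creator a per-database role. The User, Role and Database tables and their columns are simplified stand-ins (assumptions), the permission-view rows are omitted, and SQLAlchemy 1.4 or later is assumed.

```python
from sqlalchemy import Column, ForeignKey, Integer, String, Table, create_engine, event, select
from sqlalchemy.orm import Session, declarative_base

Base = declarative_base()

# Stand-in tables (assumed, simplified); the real Superset/FAB schemas differ.
class User(Base):
    __tablename__ = "ab_user"
    id = Column(Integer, primary_key=True)
    username = Column(String, unique=True)

class Role(Base):
    __tablename__ = "ab_role"
    id = Column(Integer, primary_key=True)
    name = Column(String, unique=True)

user_role = Table("ab_user_role", Base.metadata,
    Column("user_id", Integer, ForeignKey("ab_user.id"), primary_key=True),
    Column("role_id", Integer, ForeignKey("ab_role.id"), primary_key=True))

class Database(Base):
    __tablename__ = "dbs"
    id = Column(Integer, primary_key=True)
    database_name = Column(String)
    created_by_fk = Column(Integer, ForeignKey("ab_user.id"))

@event.listens_for(Database, "after_insert")
def grant_creator_access(mapper, connection, target):
    # Runs inside the flush: write through the Core connection, not session.add()/commit().
    if target.created_by_fk is None:  # no recorded creator (e.g. scripted import): grant nothing
        return
    name = f"(SP) database_access on [{target.database_name}].(id:{target.id})"
    role_id = connection.execute(Role.__table__.insert().values(name=name)).inserted_primary_key[0]
    connection.execute(user_role.insert().values(user_id=target.created_by_fk, role_id=role_id))

def roles_of(session, username):
    q = (select(Role.name).join(user_role, user_role.c.role_id == Role.id)
         .join(User, User.id == user_role.c.user_id).where(User.username == username))
    return sorted(session.execute(q).scalars())

def demo():
    engine = create_engine("sqlite://")  # in-memory database, constructed sample data
    Base.metadata.create_all(engine)
    with Session(engine) as s:
        alice, bob = User(username="alice"), User(username="bob")
        s.add_all([alice, bob])
        s.commit()
        s.add_all([Database(database_name="sales", created_by_fk=alice.id), Database(database_name="orphan")])
        s.commit()
        return roles_of(s, "alice"), roles_of(s, "bob")
```

Because the grant is written in the same transaction as the insert, a rollback of the connection's creation also rolls back the role assignment, and only the recorded creator receives access.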
Top GitHub Comments
Issue-Label Bot is automatically applying the label #enhancement to this issue, with a confidence of 0.78. Please mark this comment with 👍 or 👎 to give our bot feedback! Links: app homepage, dashboard and code for this bot.
Has anyone been able to create custom roles using superset_config.py?