Superset comes with a set of characters handled by Superset itself. As Superset develops, you can assume these characters will stay up to date. It is not recommended that you change these roles in any way by removing or adding permissions, as these roles will be resynced to their original values when you run the next supercluster initialization command.
Superset supports user-defined creation of a role, for example: you can create a role Financial Analyst, which will consist of a set of data sources (tables) and/or databases. The user will then be granted the Gamma, Financial Analyst, or sql_lab roles.
The default roles of Superset are: Admin, Alpha, Gamma, sql_lab, Public. The following describes the permissions of each role in detail:
1、Admin
Administrators have all rights, including granting or revoking rights to other users and to change other people's slices and dashboards.
2、 Alpha
Alphas have access to all data sources, but cannot grant or revoke access to other users, and they can only modify their own data. Alpha users can add and modify data sources.
3、 Gamma
Gamma access is limited. They can only use data from the data source they access through another supplementary role. They only have access to view slices and dashboards made from data sources they have access to. Currently, Gamma users cannot change or add data sources. We assume they are mostly content consumers, although they can create slices and dashboards.
Also note that when Gamma users view the Dashboard and Slice List Views, they will only see the objects they have access to.
4、sql_lab
The sql_lab role is used to grant users who need access to sql lab, while the administrator user can access all databases. By default, Alpha and Gamma users need access to one database.
5、Public
Allows logged in users to access some of Superset's features.
In superset's config.py file, the public_role_like_gamma property is set to true, and the public role permissions you grant are set to have the same effect as Gamma. If you want to enable anonymous users to view the dashboard, you can do so. But explicit authorization is still required for specific datasets, which means you need to edit the Public role and manually add Public's data source to the role
Custom role management
A role is composed of a set of permissions, and there are many categories of permission sets. Here are the different categories of permissions:
Models and Actions : Models are entities like dashboards, slices, or users. Each model has a fixed set of permissions, such as can_edit, can_show, can_delete, can_list, can_add, etc. By adding can_delete to a role on the dashboard, and granting the role to the user, that user will be able to delete the dashboard.
Views : Views are individual web pages such as Explore View or SQL Lab View. When granted to the user, he/she will see the view in the menu item and be able to load the page.
Data Sources : For each data source, a permission is created. If the user does not have the all_datasource_access permission, the user can only see slices or explore the data sources granted to them.
Database : Grants access to a database, allows the user to access all data sources in that database, and allows the user to query that database in SQL Lab, as long as the user is granted SQL Lab-specific permissions.