Role-based control to hide Dashboard header “Download” menu for read-only users #38582
rpetchiappan
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Problem statement
In Apache Superset, we can enforce read-only access with RBAC, but in the Dashboard header (three-dot menu), the Download submenu (e.g., “Export to PDF”, “Download as Image”) is still visible to view-only users.
Even when export/write/share permissions are removed, this menu visibility causes confusion for business users because it suggests a capability they should not have.
Proposed feature
Add a role-aware UI visibility control for Dashboard header actions, specifically:
Hide Download submenu for users/roles without explicit dashboard download/export permission.
Keep it visible for users with appropriate permissions (e.g., Admin/editor roles).
Suggested implementation options (narrow scope)
Permission-based visibility check in dashboard header menu rendering:
Show Download only if user has explicit dashboard download/export capability.
Optional config flag (default backward compatible), e.g.:
DASHBOARD_HIDE_DOWNLOAD_FOR_READONLY = True
Long-term: unify menu visibility with server-side action permissions to avoid UI/action mismatch.
Why this helps
Reduces user confusion in governed BI environments.
Improves consistency between visible actions and effective permissions.
Avoids custom frontend patches for common enterprise RBAC requirements.
Environment context
Deployed via Docker
Custom RBAC role for dashboard read-only users
Dashboard-level read is required, but download visibility should be restricted by role
Beta Was this translation helpful? Give feedback.
All reactions