Skip to content

Issue #9 - [BUG] Hide "View in SQL Lab" button for users without SQL Lab access #30

New issue
New issue
Open
Open
Issue #9 - [BUG] Hide "View in SQL Lab" button for users without SQL Lab access#30
@rogelio-cmj

Description

@rogelio-cmj
rogelio-cmj
opened on Oct 21, 2025

Motivation

Superset implements role-based access control (RBAC) to ensure users only interact with features they have permission to use. When users click on a chart's "View query" option, they see a modal displaying the SQL query. This modal currently shows a "View in SQL Lab" button to all users, regardless of whether they have access to SQL Lab.

This creates a poor user experience and potential security concern.

Current Behavior

The "View query" modal displays a "View in SQL Lab" button to all users, even those who lack the menu access on SQL Lab permission.

Reproduction Steps:

  1. Create a user account with a role that does NOT include the menu access on SQL Lab permission (e.g., a basic viewer role)
  2. Log in with this restricted user account
  3. Navigate to any dashboard with charts
  4. Click on a chart's ellipsis menu (three dots) and select "View query"
  5. Observe: The modal opens and displays a "View in SQL Lab" button, even though the user cannot access SQL Lab

Expected Behavior

The "View query" modal should conditionally render the "View in SQL Lab" button based on the user's permissions. Users without the menu access on SQL Lab permission should not see this button at all.

Acceptance Criteria:

  • Users with menu access on SQL Lab permission see the "View in SQL Lab" button in the View query modal
  • Users without menu access on SQL Lab permission do NOT see the "View in SQL Lab" button in the View query modal
  • Other modal functionality (Copy button, SQL display, format toggle) remains visible and functional for all users regardless of SQL Lab access

Steps To Test

  1. Create two test user accounts: one with SQL Lab access and one without
  2. Log in as the user WITH SQL Lab access
  3. Open a dashboard, click on a chart's ellipsis menu, and select "View query"
  4. Confirm the "View in SQL Lab" button is visible
  5. Log out and log in as the user WITHOUT SQL Lab access
  6. Repeat step 3
  7. Confirm the "View in SQL Lab" button is NOT visible, but the Copy button and other modal elements are still present

Submission

Download https://cap.so/ to record your screen (use Studio mode). Export as an mp4, and drag and drop into an issue comment below.

Guide to submitting pull requests: https://hackmd.io/@timothy1ee/Hky8kV3hlx

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions