DAOdash permissions scheme

Created By:  Last Updated: 1/24/2022

⚠️

The DAO Dash project became inactive at the end of Season 6. It is no longer actively maintained/supported by Bankless DAO contributors

Superset comes pre-configured with a set of default roles and a strong advisory not to change those roles as those permissions will be overwritten every time we run “superset init”

Default roles: 

Admin - all possible rights including user management and ability to modify other people’s slices and dashboards.

Alpha - access to all data sources. Can add and alter data sources. Limited to altering objects that they own.

Gamma - can only consume data from data sources that they’ve been given access to through a complementary role. Assumed to be content consumers, though they can create dashboards and slices.

sql_lab - Grants access to the SQL lab. Both Alpha and Gamma need to be given access on a per-database basis.

Public - Defines access to logged-out/anonymous users. Still restricted on a per-database basis.

Assumptions: 

Each DAO has its own database in Superset

In addition, there’s a Benchmark database containing the roll-up/anonymized cross-DAO info.

Permissions scheme: 

Under the assumptions above, while Superset supports more granular role permissions, as well as row-based-permissions, the following permissions scheme should be sufficient for DAOdash’s current scale and maturity: 

As part of a DAO’s onboarding process, a new <DAO name> role will be created with a single permission: “database access on <DAO database name>”

Gamma is missing a single permission, “can save on datasource”, for the scheme to work as intended. Since Gamma will reset to its default permissions every time Superset is initialized, we created a “Gamma Plus” role that includes that additional permission.

All DAOdash users will be grated Superset roles according to the following mapping:

User Type	Superset Roles
DAOdash engineering team	Admin
DAOdash CX team	Admin
All other DAOdash team members	Alpha, sql_lab
Independent analysts	Gamma Plus, sql_lab, Benchmark
DAO-specific analysts	Gamma Plus, sql_lab, <DAO name>
DAO-specific users (for example: discord bot retrieving dashboards and charts)	Gamma Plus, < DAO name>

DAOdash permissions scheme

Created By:  Last Updated: 1/24/2022

⚠️

The DAO Dash project became inactive at the end of Season 6. It is no longer actively maintained/supported by Bankless DAO contributors

Superset comes pre-configured with a set of default roles and a strong advisory not to change those roles as those permissions will be overwritten every time we run “superset init”

Default roles: 

Admin - all possible rights including user management and ability to modify other people’s slices and dashboards.

Alpha - access to all data sources. Can add and alter data sources. Limited to altering objects that they own.

Gamma - can only consume data from data sources that they’ve been given access to through a complementary role. Assumed to be content consumers, though they can create dashboards and slices.

sql_lab - Grants access to the SQL lab. Both Alpha and Gamma need to be given access on a per-database basis.

Public - Defines access to logged-out/anonymous users. Still restricted on a per-database basis.

Assumptions: 

Each DAO has its own database in Superset

In addition, there’s a Benchmark database containing the roll-up/anonymized cross-DAO info.

Permissions scheme: 

Under the assumptions above, while Superset supports more granular role permissions, as well as row-based-permissions, the following permissions scheme should be sufficient for DAOdash’s current scale and maturity: 

As part of a DAO’s onboarding process, a new <DAO name> role will be created with a single permission: “database access on <DAO database name>”

Gamma is missing a single permission, “can save on datasource”, for the scheme to work as intended. Since Gamma will reset to its default permissions every time Superset is initialized, we created a “Gamma Plus” role that includes that additional permission.

All DAOdash users will be grated Superset roles according to the following mapping:

User Type	Superset Roles
DAOdash engineering team	Admin
DAOdash CX team	Admin
All other DAOdash team members	Alpha, sql_lab
Independent analysts	Gamma Plus, sql_lab, Benchmark
DAO-specific analysts	Gamma Plus, sql_lab, <DAO name>
DAO-specific users (for example: discord bot retrieving dashboards and charts)	Gamma Plus, < DAO name>