What permission(s) allows admin to assign ownership without also being added as an owner?

[lilotter45]

A user with the Admin role is able to assign ownership on an object (e.g. a report) to another user and the other use will remain the sole owner of said object. An Alpha user is also able assign a user as an owner, but will also be added as a co-owner of the object.

Does anyone know what permission(s) allow the Admin to make this assignment without also being added as a co-owner?

I have compiled a list of permissions assigned to the Admin but not to Alpha (v5.0.0), but don't see any that stand out for this purpose:

can this form post on ResetPasswordView
can this form get on ResetPasswordView
can this form post on UserInfoEditView
can this form get on UserInfoEditView
can show on UserOAuthModelView
can add on UserOAuthModelView
can list on UserOAuthModelView
can delete on UserOAuthModelView
can edit on UserOAuthModelView
userinfoedit on UserOAuthModelView
can show on RoleModelView
can add on RoleModelView
can list on RoleModelView
can delete on RoleModelView
can edit on RoleModelView
copyrole on RoleModelView
can list on RegisterUserModelView
can show on RegisterUserModelView
can delete on RegisterUserModelView
can info on Permission
can get on Permission
can post on Role
can add role permissions on Role
can info on Role
can put on Role
can list role permissions on Role
can delete on Role
can get on Role
can post on User
can info on User
can put on User
can delete on User
can get on User
can post on ViewMenu
can info on ViewMenu
can put on ViewMenu
can delete on ViewMenu
can get on ViewMenu
can post on PermissionViewMenu
can info on PermissionViewMenu
can put on PermissionViewMenu
can delete on PermissionViewMenu
can get on PermissionViewMenu
can warm up cache on Chart
can set embedded on Dashboard
can export on Database
can write on Database
can warm up cache on Dataset
can read on Query
can write on Row Level Security
can read on Row Level Security
can export on SavedQuery
can read on SavedQuery
can write on SavedQuery
can execute sql query on SQLLab
can read on SQLLab
can get results on SQLLab
can export csv on SQLLab
can write on SqlLabPermalinkRestApi
can read on SqlLabPermalinkRestApi
can add on DynamicPlugin
can write on DynamicPlugin
can download on DynamicPlugin
can delete on DynamicPlugin
can edit on DynamicPlugin
can warm up cache on Superset
can sqllab history on Superset
can post on TabStateView
can delete query on TabStateView
can put on TabStateView
can activate on TabStateView
can delete on TabStateView
can migrate query on TabStateView
can get on TabStateView
can read on Log
can write on Log
can grant guest token on SecurityRestApi
menu access on Security
menu access on List Users
menu access on List Roles
menu access on User Registrations
menu access on Action Log
menu access on Row Level Security
menu access on SQL Lab
menu access on SQL Editor
menu access on Saved Queries
menu access on Query Search
all query access on all_query_access
can sqllab on Superset

[dosubot[bot]]

This behavior isn't controlled by a specific permission — it's hardcoded role-based logic in the populate_owner_list() function in superset/commands/utils.py. The key line is:

if g.user.id not in owner_ids and not security_manager.is_admin():
    owner_ids.append(g.user.id)

This means non-admin users (including Alpha) are always auto-added as co-owners when they assign ownership, while Admin users bypass this because security_manager.is_admin() returns True for them [1]. The is_admin() check simply looks for the role matching the AUTH_ROLE_ADMIN config value (defaults to "Admin") [2].

So unfortunately, there's no permission you can grant to the Alpha role to get the same behavior — it's a hardcoded Admin-only bypass. To give Alpha users this ability, you'd need to either modify populate_owner_list() in the source code or create a custom security manager that overrides is_admin() to include Alpha users (though that could have broader unintended side effects).

To reply, just mention @dosu.

---

Share context across your team and agents. Try Dosu.