import_database does not work on AWS RDS databases. Because Superset tries to add permissions to all catalogs in RDS database, rather than just one catalog #32214

Open
3 tasks done
Oskar-Bonde opened this issue Feb 11, 2025 · 0 comments
Labels
data:databases Related to database configurations and connections

Oskar-Bonde commented Feb 11, 2025

Bug description

This issue is regarding import_database in superset/commands/database/utils.py.

When importing dashboard assets using the superset import_directory CLI command, the import_database function is called. This function tries to connect to and add permissions to all catalogs in a database, rather than the specific catalog specified in the sqlalchemy_uri in database.yaml.

Why is this an issue? If you use an AWS RDS database there is a catalog called rdsadmin. This catalog should only be accessed by AWS to manage automatic backups. When Superset tries to run security_manager.add_permission_view_menu on all schemas in rdsadmin it fails, because it doesn't have access. This also breaks the least privilege principle.

We solved this issue using catalog_names.discard("rdsadmin"), but there should be a proper solution on master.

My suggestion is that Superset only runs add_permissions on the catalog specified in the database.yaml.

Screenshots/recordings

No response

Superset version

master / latest-dev

Python version

I don't know

Node version

Not applicable

Browser

Not applicable

Additional context

No response

Checklist

  • I have searched Superset docs and Slack and didn't find a solution to my problem.
  • I have searched the GitHub issue tracker and didn't find a similar bug report.
  • I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.
@dosubot dosubot bot added the data:databases Related to database configurations and connections label Feb 11, 2025
@michael-s-molina michael-s-molina moved this from New to Blockers in Apache Superset 5.0.0 Feb 12, 2025
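
A sketch of the scoping suggested in the issue above, added here as an illustration and not taken from Superset's code: permissions are planned only for the catalog named in the sqlalchemy_uri, so rdsadmin is never opened. The names catalog_from_uri, catalogs_in_scope, plan_permissions and CatalogAccessDenied, the sample URI, and the sample catalogs and schemas are all assumptions; the URI is parsed with urllib rather than SQLAlchemy to keep the block standalone.

```python
from typing import Callable, Iterable, List, Optional, Set, Tuple
from urllib.parse import unquote, urlsplit


class CatalogAccessDenied(Exception):
    """Hypothetical stand-in for the driver error raised by a locked catalog."""


def catalog_from_uri(sqlalchemy_uri: str) -> Optional[str]:
    """Return the database (catalog) named in the URI path, or None if absent."""
    path = urlsplit(sqlalchemy_uri).path.lstrip("/")
    return unquote(path) or None


def catalogs_in_scope(sqlalchemy_uri: str, discovered: Iterable[str]) -> Set[str]:
    """Restrict the permission sync to the single catalog the URI connects to."""
    wanted = catalog_from_uri(sqlalchemy_uri)
    if wanted is None:
        # Fail closed: never fall back to "every catalog the server reports".
        raise ValueError("URI names no catalog; refusing to enumerate all catalogs")
    return {wanted} & set(discovered)


def plan_permissions(
    sqlalchemy_uri: str,
    discovered: Iterable[str],
    list_schemas: Callable[[str], List[str]],
) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return (catalog, schema) pairs to grant on, plus catalogs skipped as denied."""
    planned: List[Tuple[str, str]] = []
    skipped: List[str] = []
    for catalog in sorted(catalogs_in_scope(sqlalchemy_uri, discovered)):
        try:
            planned += [(catalog, schema) for schema in list_schemas(catalog)]
        except CatalogAccessDenied:
            skipped.append(catalog)  # report it instead of aborting the import
    return planned, skipped


# Constructed sample data: catalogs an RDS PostgreSQL instance might report.
SAMPLE_URI = "postgresql+psycopg2://superset:pw@db.example.internal:5432/analytics"
SAMPLE_CATALOGS = {"analytics", "postgres", "rdsadmin"}
SAMPLE_SCHEMAS = {"analytics": ["public", "reporting"], "postgres": ["public"]}
TOUCHED: List[str] = []  # records every catalog the sample callback was asked to open


def sample_list_schemas(catalog: str) -> List[str]:
    TOUCHED.append(catalog)
    if catalog == "rdsadmin":
        raise CatalogAccessDenied(catalog)
    return SAMPLE_SCHEMAS[catalog]
```
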