docs: Superset 6.1 documentation catch-up — batch 3 (#39445)

Co-authored-by: Superset Dev <dev@superset.apache.org>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Michael S. Molina <70410625+michael-s-molina@users.noreply.github.com>
(cherry picked from commit b4f595953e)

docs/admin_docs/configuration/importing-exporting-datasources.mdx

@@ -30,6 +30,10 @@ Superset's ZIP-based import/export also covers **dashboards**, **charts**, and *
 |  └── ... (more databases)
 ```
 
+:::note
+When you export a database connection, the `masked_encrypted_extra` field (used for sensitive connection parameters such as service account JSON, OAuth tokens, and other encrypted credentials) is included in the export. When importing on another instance, these values are decrypted and re-encrypted using the destination instance's `SECRET_KEY`. Ensure the receiving instance has a valid `SECRET_KEY` configured before importing.
+:::
+
 ## Exporting Datasources to YAML
 
 You can print your current datasources to stdout by running:

docs/admin_docs/security/security.mdx

@@ -183,6 +183,8 @@ However, it is crucial to understand the following:
 
 By combining Superset's configurable safeguards with strong database-level security practices, you can achieve a more robust and layered security posture.
 
+**Dataset Sample Access**: The `get_samples()` endpoint now enforces datasource-level access control. Users can only fetch sample rows from datasets they have been explicitly granted access to — the same permission check applied when running chart queries. This closes a prior gap where unauthenticated or under-privileged access could retrieve sample data.
+
 ### REST API for user & role management
 
 Flask-AppBuilder supports a REST API for user CRUD,