From 8af79150f8a236ddea01fd96dba82cbbacf8826a Mon Sep 17 00:00:00 2001 From: Amin Ghadersohi Date: Tue, 19 May 2026 13:57:35 +0000 Subject: [PATCH] fix(mcp): distinguish execute_sql permission from write access in instructions Remove 'or running SQL' from the write-operations bullet so that SQL execution is not grouped under can_write. execute_sql is controlled by the separate execute_sql_query permission on SQLLab, which is already called out in its own bullet below. Co-Authored-By: Claude Sonnet 4.6 --- superset/mcp_service/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/superset/mcp_service/app.py b/superset/mcp_service/app.py index 144812f561a..8f4ace4de51 100644 --- a/superset/mcp_service/app.py +++ b/superset/mcp_service/app.py @@ -365,7 +365,7 @@ Input format: {_feature_availability}Permission Awareness: {_instance_info_role_bullet}- ALWAYS check the user's roles BEFORE suggesting write operations (creating datasets, - charts, dashboards, or running SQL). + charts, or dashboards). SQL execution is a separate permission — see execute_sql below. - Write tools (generate_chart, generate_dashboard, update_chart, create_virtual_dataset, save_sql_query, add_chart_to_existing_dashboard, update_chart_preview) require write permissions. These tools are only listed for users who have the necessary access.