DASHBOARD_RBAC does not provide access to datasources used in DASHBOARD_NATIVE_FILTERS
The Dashboard RBAC functionality provides implicit access to datasources used for all charts on a dashboard, so that charts can retrieve underlying data even if the user does not have explicit access to the datasources. This does not cover Dashboard Native Filters correctly: if a native filter uses a datasource which is not used by any chart on the dashboard, the implicit access is not granted and the filter fails to load data.
How to reproduce the bug
- Create two datasources (A and B) that share a column name (“x”) and type, so that it is possible to use a filter created on A to filter B
- Create a chart using datasource B
- Create a dashboard and add the chart to it
- Add a native filter using datasource A and column “x”
- Save the dashboard and make it public
- Create a role with access rights enough to view dashboards, but with NO explicit access to datasources A and B, e.g.

- Assign this role to the dashboard:

- Create a new user account and grant the role to it
- Log in using this user account and access the dashboard
Expected results
The native filter is filled with data from datasource A.
Actual results
The native filter is stuck at “No data / Loading…”

Screenshots
Included in reproduction procedure
Environment
- browser type and version: Microsoft Edge 97.0.1072.69
- superset version: 1.4.1
- python version: python --version
- node.js version: node -v
- any feature flags active: DASHBOARD_RBAC, DASHBOARD_NATIVE_FILTERS (both are important for this bug)
Checklist
Make sure to follow these steps before submitting your issue - thank you!
- I have checked the superset logs for python stacktraces and included it here as text if there are any.
- I have reproduced the issue with at least the latest released version of superset.
- I have checked the issue tracker for the same issue and I haven’t found one similar.
Additional context
An HTTP 403 response to “/api/v1/chart/data” is visible in the network logs with the following content:
{"errors": [{"message": "This endpoint requires the datasource ..., database or\n all_datasource_access permission", "error_type": "DATASOURCE_SECURITY_ACCESS_ERROR", "level": "error", "extra": {"link": "", "datasource": "..."}}]}
There is no problem if datasource A is used by any chart on the dashboard, only if it is not used by any chart (used solely by the filter).
There is no problem when using legacy filter boxes (because they are “charts” and thus the implicit access is granted?)
Issue Analytics
- Created 2 years ago
- Comments:6 (3 by maintainers)
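A simplified model of the access decision described in this issue, added here as an illustration; it is not Superset's code. The dashboard dict layout, dataset ids, role name and function names are constructed, and the `native_filter_configuration` / `targets` / `datasetId` keys are assumed to match the dashboard's JSON metadata. `filter_only_datasets` is the audit an administrator could run to find dashboards whose filters would get the 403 above.

```python
import json

# Constructed sample shaped like the reproduction steps: dataset 1 is "A"
# (used only by the native filter), dataset 2 is "B" (used by the chart).
SAMPLE_DASHBOARD = {
    "roles": ["DashboardViewer"],          # hypothetical dashboard role
    "chart_dataset_ids": [2],
    "json_metadata": json.dumps({
        "native_filter_configuration": [   # key layout is an assumption
            {"id": "NATIVE_FILTER-constructed", "name": "x filter",
             "targets": [{"datasetId": 1, "column": {"name": "x"}}]}
        ]
    }),
}

def filter_dataset_ids(dashboard):
    """Dataset ids referenced by the dashboard's native filters."""
    meta = json.loads(dashboard.get("json_metadata") or "{}")
    ids = set()
    for flt in meta.get("native_filter_configuration", []):
        for target in flt.get("targets", []):
            if target.get("datasetId") is not None:
                ids.add(target["datasetId"])
    return ids

def implicit_access(dashboard, user_roles, include_filters):
    """Datasets a user may query through dashboard roles (simplified model)."""
    if not set(dashboard["roles"]) & set(user_roles):
        return set()                       # no matching dashboard role: nothing implied
    granted = set(dashboard["chart_dataset_ids"])
    if include_filters:                    # behaviour the reporter expects
        granted |= filter_dataset_ids(dashboard)
    return granted

def filter_only_datasets(dashboard):
    """Datasets used by a native filter but by no chart: the ones that fail."""
    return filter_dataset_ids(dashboard) - set(dashboard["chart_dataset_ids"])

if __name__ == "__main__":
    roles = ["DashboardViewer"]
    print("reported behaviour:", implicit_access(SAMPLE_DASHBOARD, roles, False))
    print("expected behaviour:", implicit_access(SAMPLE_DASHBOARD, roles, True))
    print("filter-only datasets:", filter_only_datasets(SAMPLE_DASHBOARD))
```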
Also, may or may not be related: There is still a problem with dashboard_rbac when using a public dashboard for unauthenticated users. When logging in (OAuth), no dashboards can be seen that have not set their “dashboard roles” (rely on dataset access).
Look at #16718. Related?