TVL Managed Superset
Get started

Public Apache Superset Dashboards: Security and SEO 2026

Publish public Apache Superset dashboards: configuration, security, anonymization, SEO, cache.

· Tuvalu Tech OÜ

Publishing an Apache Superset dashboard as public (anonymous access, no login) opens varied use cases: government open data, transparency reports, marketing dashboards, public monitoring dashboards. This guide details configuration, security, and SEO in 2026.

1. Typical use cases

  • Open data: government portals, NGOs;
  • Transparency reports: environmental impact, diversity;
  • Status pages: uptime, performance of a SaaS;
  • Marketing: data showroom, sales demos;
  • Sector statistics: public benchmarks.

If you want a Superset ready for public mode, TVL Managed Superset offers a "public dashboards" option secured by default.

2. Enable public access

In superset_config.py:

PUBLIC_ROLE_LIKE = "Gamma"

# Public role permissions to adjust manually
# UI: Settings → List Roles → Public → assign authorized datasets

The Public role allows an unauthenticated visitor to see explicitly authorized dashboards and datasets.

3. Enable a dashboard publicly

  1. UI → Dashboard → Properties → tick Owners with the Public role;
  2. Referenced datasets: also accessible to the Public role;
  3. Test in incognito mode: https://superset.example.com/dashboard/42/ must display without login.

4. Critical security

Public access opens the door to major risks if misconfigured:

  • Sensitive data accidentally exposed;
  • SQL Lab must be disabled for Public;
  • Non-whitelisted datasets potentially accessible;
  • No RLS applicable on Public (no identified user).

This configuration is applied by default on TVL Managed Superset, which follows community best practices.

5. Public security best practices

  1. Disable can_sql_json for the Public role;
  2. Whitelist explicitly accessible datasets;
  3. Anonymize source datasets (no PII in public views);
  4. Aggressive ingress rate limiting (anti-scraping);
  5. Very aggressive Redis cache (24h) to absorb traffic;
  6. Regular audit log of accessed dashboards.

6. SEO of public dashboards

For a public dashboard to rank on Google:

  • Static HTML landing page (with your framework) that presents the dashboard and embeds a Superset iframe;
  • Keyword-rich meta description;
  • Structured data Dataset JSON-LD;
  • Sitemap including the landing page;
  • Internal links from your main site.

7. Performance under public traffic

A viral dashboard can take 100 requests/second. Configure:

  • Redis cache at 24h on public charts;
  • CDN Cloudflare in front of the ingress;
  • Ingress rate limit: 60 req/min/IP;
  • Kubernetes HPA that scales Superset web pods automatically;
  • Read replica of metadata DB to avoid saturation.

8. Common pitfalls

  • Nominative data unintentionally exposed (name, email);
  • Linked datasets not whitelisted but accessible via SQL Lab;
  • Cache too short → DB saturated by traffic;
  • No monitoring of public traffic → undetected DDoS attacks;
  • SEO penalized by "thin content" on the landing page.

9. Alternatives to public mode

  • Embedded SDK with "public" guest token + RLS that filters the data;
  • Static snapshot (PDF/PNG) regularly published;
  • Custom page consuming Superset API and rendering in frontend.

10. Conclusion

Apache Superset public dashboards are possible and useful but require rigorous security configuration. For organizations hesitating, the static snapshot or custom page + API alternative eliminates risks. For public actors or NGOs, it's an excellent way to share data at no cost.

Want the benefits of Apache Superset without the friction of installation and maintenance? Deploy your instance in 3 clicks with TVL Managed Superset, hosted in Europe (OVHcloud, Roubaix, France).

For more: embedded dashboards, security hardening, iframe integration.