chore(reports): change default executor to owner (#22799)

UPDATING.md

@@ -50,8 +50,9 @@ assists people when migrating to a new version.
 
 ### Breaking Changes
 
-- [23651](https://github.com/apache/superset/pull/23651) Removes UX_BETA feature flag.
-- [23663](https://github.com/apache/superset/pull/23663) Removes deprecated feature flags `ALLOW_DASHBOARD_DOMAIN_SHARDING`, `DISPLAY_MARKDOWN_HTML`, and `FORCE_DATABASE_CONNECTIONS_SSL`.
+- [22799](https://github.com/apache/superset/pull/22799): Alerts & Reports has been changed to execute as the owner of the alert/report by default, giving priority to the last modifier and then the creator if either is contained within the list of owners, otherwise the first owner will be used. To continue using the selenium user, please add the following to your `superset_config.py`: `ALERT_REPORTS_EXECUTE_AS = ["selenium"]`
+- [23651](https://github.com/apache/superset/pull/23651): Removes UX_BETA feature flag.
+- [23663](https://github.com/apache/superset/pull/23663): Removes deprecated feature flags `ALLOW_DASHBOARD_DOMAIN_SHARDING`, `DISPLAY_MARKDOWN_HTML`, and `FORCE_DATABASE_CONNECTIONS_SSL`.
 - [22798](https://github.com/apache/superset/pull/22798): To make the welcome page more relevant in production environments, the last tab on the welcome page has been changed from to feature all charts/dashboards the user has access to (previously only examples were shown). To keep current behavior unchanged, add the following to your `superset_config.py`: `WELCOME_PAGE_LAST_TAB = "examples"`
 - [22328](https://github.com/apache/superset/pull/22328): For deployments that have enabled the "THUMBNAILS" feature flag, the function that calculates dashboard digests has been updated to consider additional properties to more accurately identify changes in the dashboard metadata. This change will invalidate all currently cached dashboard thumbnails.
 - [21765](https://github.com/apache/superset/pull/21765): For deployments that have enabled the "ALERT_REPORTS" feature flag, Gamma users will no longer have read and write access to Alerts & Reports by default. To give Gamma users the ability to schedule reports from the Dashboard and Explore view like before, create an additional role with "can read on ReportSchedule" and "can write on ReportSchedule" permissions. To further give Gamma users access to the "Alerts & Reports" menu and CRUD view, add "menu access on Manage" and "menu access on Alerts & Report" permissions to the role.

docs/docs/installation/alerts-reports.mdx

@@ -175,36 +175,18 @@ to specify on behalf of which username to render the dashboards. In general dash
 are not accessible to unauthorized requests, that is why the worker needs to take over credentials
 of an existing user to take a snapshot.
 
-By default, Alerts and Reports are executed as the user that the `THUMBNAIL_SELENIUM_USER` config
-parameter is set to. To change this user, just change the config as follows:
-
-```python
-THUMBNAIL_SELENIUM_USER = 'username_with_permission_to_access_dashboards'
-```
-
-In addition, it's also possible to execute the reports as the report owners/creators. This is typically
-needed if there isn't a central service account that has access to all objects or databases (e.g.
-when using user impersonation on database connections). For this there's the config flag
-`ALERTS_REPORTS_EXECUTE_AS` which makes it possible to customize how alerts and reports are executed.
-To first try to execute as the creator in the owners list (if present), then fall
-back to the creator, then the last modifier in the owners list (if present), then the
-last modifier, then an owner (giving priority to the last modifier and then the
-creator if either is contained within the list of owners, otherwise the first owner
-will be used) and finally `THUMBNAIL_SELENIUM_USER`, set as follows:
+By default, Alerts and Reports are executed as the owner of the alert/report object. To use a fixed user account,
+just change the config as follows (`admin` in this example):
 
 ```python
 from superset.tasks.types import ExecutorType
 
-ALERT_REPORTS_EXECUTE_AS = [
-    ExecutorType.CREATOR_OWNER,
-    ExecutorType.CREATOR,
-    ExecutorType.MODIFIER_OWNER,
-    ExecutorType.MODIFIER,
-    ExecutorType.OWNER,
-    ExecutorType.SELENIUM,
-]
+THUMBNAIL_SELENIUM_USER = 'admin'
+ALERT_REPORTS_EXECUTE_AS = [ExecutorType.SELENIUM]
 ```
 
+Please refer to `ExecutorType` in the codebase for other executor types.
+
 
 **Important notes**
 

superset/config.py

@@ -1249,12 +1249,13 @@ MACHINE_AUTH_PROVIDER_CLASS = "superset.utils.machine_auth.MachineAuthProvider"
 ALERT_REPORTS_CRON_WINDOW_SIZE = 59
 ALERT_REPORTS_WORKING_TIME_OUT_KILL = True
 # Which user to attempt to execute Alerts/Reports as. By default,
-# use the user defined in the `THUMBNAIL_SELENIUM_USER` config parameter.
+# execute as the primary owner of the alert/report (giving priority to the last
+# modifier and then the creator if either is contained within the list of owners,
+# otherwise the first owner will be used).
+#
 # To first try to execute as the creator in the owners list (if present), then fall
 # back to the creator, then the last modifier in the owners list (if present), then the
-# last modifier, then an owner (giving priority to the last modifier and then the
-# creator if either is contained within the list of owners, otherwise the first owner
-# will be used) and finally `THUMBNAIL_SELENIUM_USER`, set as follows:
+# last modifier, then an owner and finally `THUMBNAIL_SELENIUM_USER`, set as follows:
 # ALERT_REPORTS_EXECUTE_AS = [
 #     ExecutorType.CREATOR_OWNER,
 #     ExecutorType.CREATOR,
@@ -1263,7 +1264,7 @@ ALERT_REPORTS_WORKING_TIME_OUT_KILL = True
 #     ExecutorType.OWNER,
 #     ExecutorType.SELENIUM,
 # ]
-ALERT_REPORTS_EXECUTE_AS: List[ExecutorType] = [ExecutorType.SELENIUM]
+ALERT_REPORTS_EXECUTE_AS: List[ExecutorType] = [ExecutorType.OWNER]
 # if ALERT_REPORTS_WORKING_TIME_OUT_KILL is True, set a celery hard timeout
 # Equal to working timeout + ALERT_REPORTS_WORKING_TIME_OUT_LAG
 ALERT_REPORTS_WORKING_TIME_OUT_LAG = int(timedelta(seconds=10).total_seconds())