Row-level access restriction


#1

Dear all,

We are currently considering shortlisting Metabase as one of our dashboard platforms. We are delighted to know that this platform support many of our desired functionalities. Kudos to the developers :slight_smile:

One of our concerns in selecting dashboard is the user access control. Let’s go straight to an example;

A table in our database contains a column named region , it stores the region name information related to each row. We want our field team in each region to have an access to the dashboard, but they are supposed to have access only to the data related to their region. Thus, we need to restrict the dashboard display for each field users (e.g. something like adding WHERE region = <region_name> in SQL query).

We also want our field user to explore the dashboard (e.g. they can filter the date, sort columns, do pivot table, display only records with specific criteria) but still with the data for their region.

We explored Metabase and found out that we can create users groups, restrict user access to table level, and we can also restrict the access to questions collection. But we can’t find out how to configure Metabase as our description above.

It would be great if Metabase able to fulfill the requirements. Can we do that in the current version?

Any suggestions are welcome :slight_smile:

Thanks,

Andika


#2

We don’t currently support row level access controls.

Depending on the number of regions, this might be solvable by creating views on top of that table for the specific regions and giving each team access to just that table.


#3

Thank you for the answer, Sameer.

Unfortunately currently we have 70++ regions and still counting. It will be great if Metabase could support the row-level access control :slight_smile:

Andika


#4

Dear Sameer,

In my opinion this is a much-required feature. It’s a must-have for our application

Are there plans for implementation?

Thanks,
Klaas


#5

I was wondering if there had been any further developments in including row level access controls?

In my situation I would like to be able to pass the metabase user id as a filter to the underlying SQL which annotates each row with a corresponding attribute that can be used to filtered the data that is returned to the application. I believe others have mentioned a similar scenario. Workarounds such as creating views can work but are operational tedious to maintain.

That said - pretty impressed by the product so far.

Brian


#6

@brianwilson I don’t think the feature is there yet generally speaking. The GitHub issue to follow for this is:

Depending on your usage scenario the specific comment at https://github.com/metabase/metabase/issues/2824#issuecomment-293375006 suggesting embedding Metabase into another page with a signed parameter might or might not help you.


Dashboard: filter by user
#7

Row Level Security is absolutely a “must to have” feature if I would want to talk about metabase to anybody around. Protecting the data at the DB level is a paramount to any BI tool agnostic implementation. Sorry to hear that it is not available.


#8

Can’t this be done with blocked parameters? Those parameters have to ve passed in runtime and the user don’t see them.
So a blocked parameter that filter the region and depending on the logged on user you pass the correspondent value.
Isn’t that what you need?