Suppress viewing of SQL code for standard user on 0.33.0

Feedback and Requests
1

I believe this to an essential feature for your customers who are creating custom solutions

A user can be created with permission revoked to edit SQL. But user can still view the SQL. I believe the correct behavior s/b that user cannot edit and cannot view the code. This may have been the intent as evident from the dialog box that appears when saving the users rights.

Chuck
image

2

@crwheelr
EDIT: There’s already an issue filed on it - go and upvote by clicking :+1: on the first post:
https://github.com/metabase/metabase/issues/8773
Like I said in the other post, there are other ways to view the query besides the editor window, so hiding the editor wouldn’t protect the query code.

3

Hello gents, back on this topic As far as I can tell, and experimented extensively with 0.33.2, there is no way to suppress question construction from a user, which giving user ability to execute a pulse

I want to suppress viewing of question construction for my future customers, to protect the IP.

  1. created a group and a test user in the group
  2. for the group, and in admin form,
    Data permissions all X out
  3. I created a sub collection that contains only pulses. - test user full access properties to it (since user has to provide their email address for the pulse). The pulse content references questions in another subgroup that is X out.
  4. All other subcollections are X out.

Is there any way to protect questions construction from view while allowing the report content to be viewed?

4

@crwheelr
If you don’t want any way of showing the query, then use a view or stored procedure, which most databases support.

5

I think that the Metabase dev team missed a key feature of the system with regard to permissions.

6

How to restrict users from viewing SQL?

7

@beta That's already implemented in 0.36.0, when users don't have permissions to write SQL:
https://github.com/metabase/metabase/issues/8773