Hi,
Since version 51 (now on most recent version 0.52.3), while using account with permissions with no access directly to the database (set to NO) and while having VIEW permission to the collection, when going into a defined metric, there is a request being made to the underlying database which returns a 403.
This is problematic in our environment as after few of those errors we completely ban an IP from accessing metabase,
Could it be that this request to the database is incorrectly done and could be disabled so that 403 is not generated?
Request URL:
https://****/api/database/3
Request Method:
GET
Status Code:
403 Forbidden
You don't have permissions to do that.
To replicate:
NO access to database
VIEW access to collection
Go to Metrics > click on one of defined metrics
Same thing happens if you click into a metric within a collection