All users display in a pulse list


Metabase v. 3.25, with Chrome browser in Windows 10.

I created a regular user and made it part of a group with access to only one table.

When log into that user I only see the one table. So far so good. I then create a pulse and I see the list of all other users.

Is there a way to limit that list and either not show any user or only the one user that is currently logged in?


Hi @gatalec

I cannot find a feature request for that, so you can create one if you want:

To make a hack/workaround, you would have to filter out the response from /api/user and only show the user, which has the id from the response /api/user/current. Not sure what happens if you just block /api/user or make it return an empty JSON.

By the way, it’s version 0.32.5

Thank you flamber.

How would I go about figuring out filtering the response? Modifying the source code?

You could probably do everything exactly like you want if you modify the source, but that would probably be a huge task and then you would have to maintain it every time there’s an upgrade.

You can do a lot of things with a reverse proxy. So if you place a reverse proxy in front of Metabase, you (the user) are actually talking to the proxy. You can replace responses or modify then (i.e. with Nginx, you would use sub_filter to modify).

I’ve created a feature request issue for this as we would like to limit which users to display based on the user group of the current user. Feel free to give it a :+1:

1 Like

I have the same request and to me it’s a security risk.

I set different user logins for different customers, each one set with permission to only access a specific table(s). However, when it comes to creating pulses or even alerts, the email field automatically populates with all users in the system.

I would expect the correct behavior to be that only users with the same access rights are displayed on the list.

@gatalec Then go and upvote by clicking :+1: on the first post:

Just did, Thank you flamber!