Lets say I have a database with three tables; A, B and C
I setup a role in my database that grants access to table A but not B or C, I assign this within metabase to a user group called 'AccessA' with all the user attributes set up correctly.
I also within metabase set up granular access to table B but not table A or C, this is assigned to user group called 'AccessB'
Now If I have a user and I assign them to 'AccessA' with user attributes set up to access the data impersonation role, they can only access table A
If I have a user and I assign them to 'AccessB', they can only access table B
If I have a user with both AccessA and AccessB, what do you expect would happen? Metabase docs say they grant the most permissive access based on all roles applied, so the user should have access to table A and B but not C.
Actually the user has access to table A (through impersonation) but not table B, and it appears the restrictions on the impersonation rules stop 'AccessB' granular access from granting access.