Hi!
This seems like an obvious functionality, but I can't find any information on how to do it.
When I create a database connection, I have to enter the username and password of the user. And after that, all actions with this connection occur in the database under this login.
But I want every single user to have a connection with their login. After that I can use user permission in my base.
Database - Snowflake.
Hi @o.vyglovskiy
That's currently not possible. The database connections are shared with all users that have permissions to it. You would need to create separate database connections for each user.
Do we plan to get this on the roadmap? Or has this changed? For those who are familiar with permission passthrough on Looker or Tableau - the limited overhead to move to Metabase given we can use our existing access model defined in our data warehouse is a big perk.
@marcoquerque It would require a complete overhaul of how connections works.
There's a request for setting roles, which is likely more what most are looking for:
https://github.com/metabase/metabase/issues/5147 - upvote by clicking 
on the first post
Is there anyway to simply have this as a JDBC param that gets overridden by a user attribute? I don't think roles is what we want - we either need a reliable way for metabase to parse SQL and know what tables are being used and prevent a user from querying that table. OR - we need it to fallback to rules that already exist in the DWH.
+1 on this feature request,
We have a sparksql based iceberg catalog, which manages iceberg table authorization with Ranger service. The Metabase built-in Permission model is not sufficient because there are multiple schema (databases) in the catalog, so we hope that Metabase could pass through the user login info down to the query engine thus pushing down the authorization work to Ranger.
For folks who want this – I want to understand what problem you’re trying to solve with this feature.
Are you using some form of SSO (AD/Entra ID, AWS/GCP/Azure IAM, Okta, Kerberos, etc.)?
Or, do you want to send a bare username and password as part of a JDBC connection string?
Will the Metabase authentication data and the database authentication data always be the same?
(EDIT) What sort of differences in the (visible) database schema are you expecting to implement with per-user database logins? Metabase has a row-level security facility now, does that fulfill the need?
please review the impersonation or db routing features that we just launched, if you need more than that please let us know
1 Like
Want this too. + 1