Disable downloads for users

Is there a way that downloads can be disabled for user group or users?

Hi @hks21
Currently no (0.32.9). A work-around would be to block the request with a reverse proxy:

/api/card/[\d]+/query/(csv|xlsx|json)
/api/dataset/(csv|xlsx|json)
1 Like

ok Thanks flamber.

@flamber This is super helpful, I have also bumped up the Github open issue: feature request for this. Thanks for the interim hack, the question is where(which section) do these paths get called “/api/card/[\d]+/query/(csv|xlsx|json)” in the metabase

@sagun.garg
The download endpoints gets called from anywhere there’s a download option available, so that would be in questions and on embedded dashboards.
Just for reference for others:
https://github.com/metabase/metabase/issues/6369 - upvote by clicking :+1: on the first post

I'm sorry if my problem turns out to be trivial but I cannot block these urls using nginx on localhost. I am using docker to host metabase on localhost:3000. Here is my nginx.conf:
#user http;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
listen [::]:80;
server_name localhost;
location / {
proxy_pass http://0.0.0.0:3000;
}
location ^~/api/card/[\d]+/query/(csv|xlsx|json)/{
return 444;
#deny all ;
}
location ^~/api/dataset/(csv|xlsx|json)/{
return 444;
#deny all ;
}
location = /50x.html {
root /usr/share/nginx/html;
}
}
}
Where am I going wrong?

@atharva_c You are not writing what the problem/error is, but I would recommend that you read the Nginx documentation, since that's where your problem is:
http://nginx.org/en/docs/http/ngx_http_core_module.html#location