Disable downloads for users

hks21 · July 22, 2019, 1:32pm

Is there a way that downloads can be disabled for user group or users?

flamber · July 22, 2019, 5:55pm

Hi @hks21
Currently no (0.32.9). A work-around would be to block the request with a reverse proxy:

/api/card/[\d]+/query/(csv|xlsx|json)
/api/dataset/(csv|xlsx|json)

hks21 · July 23, 2019, 11:03am

ok Thanks flamber.

sagun.garg · December 17, 2020, 9:55am

@flamber This is super helpful, I have also bumped up the Github open issue: feature request for this. Thanks for the interim hack, the question is where(which section) do these paths get called "/api/card/[\d]+/query/(csv|xlsx|json)" in the metabase

flamber · December 17, 2020, 10:27am

@sagun.garg
The download endpoints gets called from anywhere there’s a download option available, so that would be in questions and on embedded dashboards.
Just for reference for others:
https://github.com/metabase/metabase/issues/6369 - upvote by clicking on the first post

atharva_c · August 9, 2021, 7:08pm

I'm sorry if my problem turns out to be trivial but I cannot block these urls using nginx on localhost. I am using docker to host metabase on localhost:3000. Here is my nginx.conf:
#user http;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
listen [::]:80;
server_name localhost;
location / {
proxy_pass http://0.0.0.0:3000;
}
location ^~/api/card/[\d]+/query/(csv|xlsx|json)/{
return 444;
#deny all ;
}
location ^~/api/dataset/(csv|xlsx|json)/{
return 444;
#deny all ;
}
location = /50x.html {
root /usr/share/nginx/html;
}
}
}
Where am I going wrong?

flamber · August 9, 2021, 7:15pm

@atharva_c You are not writing what the problem/error is, but I would recommend that you read the Nginx documentation, since that's where your problem is:
http://nginx.org/en/docs/http/ngx_http_core_module.html#location

leobiscassi · October 19, 2023, 1:18am

@flamber I saw this PR requests that's related to the topic: FE: Download permission management by alxnddr · Pull Request #20883 · metabase/metabase · GitHub

I'm not sure, but I think the FE prefix means Feature Enterprise, is that right?

To double-check, we don't have such a feature for the open source version, just for the enterprise, and in case we need to do it on open source, we should follow the previous recommendation to block in the reverse proxy, right?

Luiggi · October 19, 2023, 11:15am

FE = Front End

leobiscassi · October 21, 2023, 2:27pm

@Luiggi thanks for clarifying, but looking at the docs, this is indeed a feature just for the pro and enterprise versions, right? Data permissions