Filter doesn't work for users with view permission

I use filter type "Search box" for group of users which have rights only for View collection and this filter doesn't work. When I add the rights to database - everything is OK, filter works properly.
How I can utilize this: I would like to share dashboard to group of users only with view permissions (I mean they can't edit questions and dashboard) AND ability to use filter?

Screenshots in attachment.
First one - user have rights for view in collection and have full access to db.
Second one - user have rights for view in collection and don't have access to db.

Screenshot 2023-03-01 at 11.24.00
Screenshot 2023-03-01 at 11.23.48

Diagnostic info?

Where I can found this?

@Luiggi
if you mean network diagnostic, screenshots below:


First - user has access to collection to View and Full access to DB.
Second - user has access to collection to View and No access to DB.

Also I've attached screenshot with permission groups, mb it helps too.


Diagnostic Info" from Admin > Troubleshooting.

@cobalt @Luiggi

{
  "browser-info": {
    "language": "ru",
    "platform": "MacIntel",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/110.0",
    "vendor": ""
  },
  "system-info": {
    "file.encoding": "UTF-8",
    "java.runtime.name": "OpenJDK Runtime Environment",
    "java.runtime.version": "11.0.16+8",
    "java.vendor": "Eclipse Adoptium",
    "java.vendor.url": "https://adoptium.net/",
    "java.version": "11.0.16",
    "java.vm.name": "OpenJDK 64-Bit Server VM",
    "java.vm.version": "11.0.16+8",
    "os.name": "Linux",
    "os.version": "4.14.287-215.504.amzn2.x86_64",
    "user.language": "en",
    "user.timezone": "GMT"
  },
  "metabase-info": {
    "databases": [
      "postgres"
    ],
    "hosting-env": "unknown",
    "application-database": "postgres",
    "application-database-details": {
      "database": {
        "name": "PostgreSQL",
        "version": "12.11"
      },
      "jdbc-driver": {
        "name": "PostgreSQL JDBC Driver",
        "version": "42.4.1"
      }
    },
    "run-mode": "prod",
    "version": {
      "date": "2022-08-16",
      "tag": "v0.44.1",
      "branch": "release-x.44.x",
      "hash": "112f5aa"
    },
    "settings": {
      "report-timezone": "Europe/Moscow"
    }
  }
}

Please, help someone.
How to utilise View rights for users with proper filter works.

you need to use "no self-service" permissions for the data, and it should work. BTW: please upgrade metabase to the latest version

Thanks for your insight.
In case I use "No self-service" filter doesn't work. It works only in "Unrestricted" mode for database for users who have view permissions for collection.

That isn’t possible, please post entire reproduction steps with the sample database, we’ll need all steps to reproduce from the very beginning

Okay, let's try from the very beginning:

  1. I have >1000k distinct values in text column.

  2. I have Test collection with single dashboard with single question which utilise table where field contains >1000 distinct text values.


  3. I have Test group with View permission to Test collection.

  4. I have No self-service for this group to Database.

  5. When I use dropdown filter for field with "list of all values" I face error "No matching %field_name% found".

  1. If I change access to Database to Unrestricted/Granular (for this table) - Filter works properly.

I just tested the entire flow with 45.3 and with a user with "no self-service" data permissions and view only permissions on a collection, the user can use the filters:

please try to send us the logs when the user clicks the filter and does not see the values if possible

I'm not sure I isolated the right logs

`[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:15+01:00 DEBUG metabase.server.middleware.log GET /api/collection/tree 200 2.6 s (327 DB calls) App DB connections: 0/15 Jetty threads: 3/50 (15 idle, 0 queued) (189 total active threads) Queries in flight: 19 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:16+01:00 DEBUG metabase.server.middleware.log GET /api/util/bug_report_details 200 4.0 ms (1 DB calls) App DB connections: 0/15 Jetty threads: 3/50 (15 idle, 0 queued) (189 total active threads) Queries in flight: 19 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:21+01:00 DEBUG metabase.server.middleware.log POST /api/dashboard/77/dashcard/1444/card/273/query 202 [ASYNC: completed] 20.0 s (20 DB calls) App DB connections: 2/15 Jetty threads: 2/50 (16 idle, 0 queued) (189 total active threads) Queries in flight: 18 (0 queued); postgres DB 4 connections: 13/15 (0 threads blocked)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:21+01:00 DEBUG metabase.server.middleware.log POST /api/dashboard/77/dashcard/1445/card/275/query 202 [ASYNC: completed] 20.7 s (24 DB calls) App DB connections: 2/15 Jetty threads: 2/50 (16 idle, 0 queued) (189 total active threads) Queries in flight: 17 (0 queued); postgres DB 4 connections: 14/15 (0 threads blocked)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:23+01:00 DEBUG metabase.server.middleware.log GET /api/session/properties 200 34.6 ms (4 DB calls) App DB connections: 2/15 Jetty threads: 5/50 (13 idle, 0 queued) (189 total active threads) Queries in flight: 17 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:23+01:00 DEBUG metabase.server.middleware.log GET /api/user/current 200 29.3 ms (9 DB calls) App DB connections: 1/15 Jetty threads: 5/50 (13 idle, 0 queued) (189 total active threads) Queries in flight: 17 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:23+01:00 DEBUG metabase.server.middleware.log GET /api/bookmark 200 12.9 ms (1 DB calls) App DB connections: 4/15 Jetty threads: 7/50 (11 idle, 0 queued) (189 total active threads) Queries in flight: 17 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:23+01:00 WARN metabase.server.middleware.log GET /api/collection/root 403 22.8 ms (2 DB calls) 
"You don't have permissions to do that."

[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:23+01:00 DEBUG metabase.server.middleware.log GET /api/database 200 20.5 ms (3 DB calls) App DB connections: 2/15 Jetty threads: 5/50 (13 idle, 0 queued) (189 total active threads) Queries in flight: 17 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:23+01:00 DEBUG metabase.server.middleware.log GET /api/collection/tree 200 50.7 ms (5 DB calls) App DB connections: 2/15 Jetty threads: 4/50 (14 idle, 0 queued) (189 total active threads) Queries in flight: 17 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:23+01:00 DEBUG metabase.server.middleware.log GET /api/dashboard/77 200 169.9 ms (17 DB calls) App DB connections: 1/15 Jetty threads: 3/50 (15 idle, 0 queued) (189 total active threads) Queries in flight: 17 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:24+01:00 WARN metabase.server.middleware.log GET /api/database/4/schemas 403 21.4 ms (3 DB calls) 
"You don't have permissions to do that."

[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:24+01:00 WARN metabase.server.middleware.log GET /api/table/158/query_metadata 403 31.2 ms (3 DB calls) 
"You don't have permissions to do that."

[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:24+01:00 DEBUG metabase.server.middleware.log GET /api/collection/212 200 23.1 ms (3 DB calls) App DB connections: 0/15 Jetty threads: 3/50 (15 idle, 0 queued) (189 total active threads) Queries in flight: 17 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:27+01:00 DEBUG metabase.server.middleware.log GET /api/user/current 401 1.7 ms (0 DB calls) 
"Unauthenticated"

[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:27+01:00 DEBUG metabase.server.middleware.log GET /api/session/properties 200 22.4 ms (2 DB calls) App DB connections: 0/15 Jetty threads: 3/50 (15 idle, 0 queued) (192 total active threads) Queries in flight: 22 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:29+01:00 DEBUG metabase.server.middleware.log POST /api/dashboard/77/dashcard/1443/card/194/query 202 [ASYNC: completed] 28.1 s (20 DB calls) App DB connections: 2/15 Jetty threads: 2/50 (16 idle, 0 queued) (192 total active threads) Queries in flight: 21 (0 queued); postgres DB 4 connections: 15/15 (0 threads blocked)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:29+01:00 DEBUG metabase.server.middleware.log GET /api/session/properties 200 33.1 ms (4 DB calls) App DB connections: 1/15 Jetty threads: 4/50 (14 idle, 0 queued) (192 total active threads) Queries in flight: 21 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:29+01:00 DEBUG metabase.server.middleware.log GET /api/user/current 200 80.3 ms (9 DB calls) App DB connections: 0/15 Jetty threads: 3/50 (15 idle, 0 queued) (192 total active threads) Queries in flight: 21 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:29+01:00 WARN metabase.server.middleware.log GET /api/collection/root 403 14.1 ms (2 DB calls) 
"You don't have permissions to do that."

[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:29+01:00 DEBUG metabase.server.middleware.log GET /api/bookmark 200 11.7 ms (1 DB calls) App DB connections: 2/15 Jetty threads: 6/50 (12 idle, 0 queued) (192 total active threads) Queries in flight: 21 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:29+01:00 DEBUG metabase.server.middleware.log GET /api/database 200 28.9 ms (3 DB calls) App DB connections: 3/15 Jetty threads: 5/50 (13 idle, 0 queued) (192 total active threads) Queries in flight: 21 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:29+01:00 DEBUG metabase.server.middleware.log GET /api/collection/tree 200 51.0 ms (5 DB calls) App DB connections: 2/15 Jetty threads: 4/50 (14 idle, 0 queued) (192 total active threads) Queries in flight: 21 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:29+01:00 DEBUG metabase.server.middleware.log GET /api/dashboard/77 200 159.2 ms (17 DB calls) App DB connections: 1/15 Jetty threads: 3/50 (15 idle, 0 queued) (192 total active threads) Queries in flight: 21 (0 queued)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:30+01:00 WARN metabase.server.middleware.log GET /api/database/4/schemas 403 19.1 ms (3 DB calls) 
"You don't have permissions to do that."

[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:30+01:00 DEBUG metabase.server.middleware.log POST /api/dashboard/77/dashcard/1443/card/194/query 202 [ASYNC: canceled] 16.2 s (17 DB calls) App DB connections: 1/15 Jetty threads: 3/50 (15 idle, 0 queued) (192 total active threads) Queries in flight: 20 (0 queued); postgres DB 4 connections: 15/15 (2 threads blocked)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:30+01:00 DEBUG metabase.server.middleware.log POST /api/dashboard/77/dashcard/1445/card/275/query 202 [ASYNC: canceled] 16.2 s (21 DB calls) App DB connections: 1/15 Jetty threads: 3/50 (15 idle, 0 queued) (192 total active threads) Queries in flight: 18 (0 queued); postgres DB 4 connections: 15/15 (3 threads blocked)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:30+01:00 DEBUG metabase.server.middleware.log POST /api/dashboard/77/dashcard/1444/card/273/query 202 [ASYNC: canceled] 16.2 s (17 DB calls) App DB connections: 1/15 Jetty threads: 3/50 (15 idle, 0 queued) (192 total active threads) Queries in flight: 18 (0 queued); postgres DB 4 connections: 15/15 (1 threads blocked)
[a1f91a47-30c1-48e0-abbd-eb71390c86de] 2023-03-13T09:33:30+01:00 WARN metabase.server.middleware.log GET /api/table/158/query_metadata 403 30.8 ms (3 DB calls) 
"You don't have permissions to do that."`

I cut values to 1k and again receive 403 error when trying to use filter.


Screenshot 2023-03-28 at 19.42.12

Why this filter doesn't work?

Okay, I've found that I cut not so precisely distinct values to 1k and there were 1009. So this is the only one point why filter doesn't work?

this is weird, you say you got a permissions error if you go over 1009 distinct values?

Looks like.
When I cut field distinct values to less than 1k distinct values filter had begun work.


Screenshot 2023-03-29 at 07.51.19