My company has a support team which require to write queries on the database to search customers info.
They asked me to make them able to query but without seeing any sensitive data (emails, phones, etc), but they should still be able to query using those columns.
For example, they should be able to:
select * from users where email = 'example@gmail.com'.
But somehow if they did: select * from users, they should not see the sensitive columns.
What can I do in this situation?
Hello there,
The simplest version of this would be just giving the support team a set of questions or dashboards and giving them read-only permissions on them, not returning the sensitive columns and allowing them to play with filters.
If you want to add the permission to create GUI questions, then you'd have to make sure to hide those columns from the GUI with something like Table Metadata column visibility (applies to all users) or use something like sandboxing at the group level (Pro/Enterprise). In this scenario you would not allow native queries.
Then, if you want to add the permission to create/edit native queries, you'd have to control the database level permissions of the DB user Metabase uses to connect to control visibility, or control it at the group level with impersonation (again Pro/Enterprise).
Sorry if my response was a bit all over the place -- permissions is a broad topic and has lots of approaches, so let me know if any of those don't make sense for your particular case!