My team is considering using Metabase (we will self-host the Metabase app on our cloud environment using the Docker image) to query through data, but we have to convince the tech lead and manager that Metabase is safe because we will be querying confidential data as well.
So I want to ask the below.
1. Is my understanding correct that users on Metabase cannot execute update, delete, insert statements using the SQL editor or modify the data from the UI? I am assuming users cannot modify data from Metabase, but I want to confirm just in case.
2. Are there a significant number of clients who use Metabase to query their confidential data? If yes, can you tell me the brief number of clients who use Metabase to query their confidential data (if possible) so we can provide the statistics to our tech lead and manager?
3. Is there anything in particular we should be aware of if we are going to use Metabase to query confidential data? (The only thing I was worried about was that the HTTP query request/response was not encrypted, but we will make Metabase only accessible through VPN so there should be no problem.)
Thank you for your answer.
So is my understanding below for question 1 correct?
If the database credentials you provide to Metabase have write access you can indeed execute update, delete, insert statements from the SQL editor (I have tested this).
So if we want to prevent misoperation by users who want to analyze data we should do either or both of the following.
- Provide database credentials with only read-access (Ideal)
- Do not grant SQL editor permissions
Sorry, I would also like to ask one last question.
My understanding is that user passwords, database passwords, etc. are encrypted and stored by default.
By setting the `MB_ENCRYPTION_SECRET_KEY` env variable, other database connection info like host name, service name, etc. will also be encrypted and stored as well.
Is my understanding correct?
@lunezmoon Correct, you should do the same for any other app. I see way too many setups on MySQL, where every app is using the user `root`, which can do everything on the database - that’s a security nightmare.
All user passwords (`core_user` table) are always encrypted.
`MB_ENCRYPTION_SECRET_KEY` will encrypt everything in the `setting` table. But if you apply it on existing instances, then the values are only encrypted once they are saved again.
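
As an added example (not part of the thread and not Metabase code), this Python check reads the output of MySQL's `SHOW GRANTS` for the account Metabase connects with and reports anything beyond read access, which is the condition recommended in the posts above. The account names, schema name and grant lines are constructed sample data, and `audit_grants` is a hypothetical helper name.

```python
import re

# Privileges that only let the account connect and read.
READ_ONLY = {"SELECT", "SHOW VIEW", "USAGE"}

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>.+?)\s+TO\s+(?P<grantee>.+?)"
    r"(?P<grant_opt>\s+WITH\s+GRANT\s+OPTION)?\s*$",
    re.IGNORECASE,
)

def audit_grants(lines):
    """Return (scope, reason) findings; an empty list means read-only."""
    findings = []
    for line in lines:
        line = line.strip().rstrip(";")
        if not line:
            continue
        m = GRANT_RE.match(line)
        if m is None:
            # Role grants ("GRANT `r`@`%` TO ...") have no ON clause.
            findings.append(("?", "unparsed grant, review by hand: " + line))
            continue
        # Drop column lists such as SELECT (`id`, `name`) before splitting.
        privs = re.sub(r"\([^)]*\)", "", m.group("privs"))
        names = {p.strip().upper() for p in privs.split(",") if p.strip()}
        extra = sorted(names - READ_ONLY)
        if extra:
            findings.append((m.group("scope"), "beyond read access: " + ", ".join(extra)))
        if m.group("grant_opt"):
            findings.append((m.group("scope"), "WITH GRANT OPTION"))
    return findings

# Constructed sample SHOW GRANTS output (MySQL 8 quoting), not from the thread.
READ_ONLY_ACCOUNT = [
    "GRANT USAGE ON *.* TO `metabase_ro`@`%`",
    "GRANT SELECT, SHOW VIEW ON `analytics`.* TO `metabase_ro`@`%`",
]
SHARED_APP_ACCOUNT = [
    "GRANT USAGE ON *.* TO `app`@`%`",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `analytics`.* TO `app`@`%`",
]
ROOT_ACCOUNT = ["GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION"]

if __name__ == "__main__":
    for name, grants in (("metabase_ro", READ_ONLY_ACCOUNT),
                         ("app", SHARED_APP_ACCOUNT), ("root", ROOT_ACCOUNT)):
        print(name, audit_grants(grants) or "read-only")
```

Grants that do not follow the `GRANT ... ON ... TO ...` shape, such as MySQL 8 role grants, are reported for manual review rather than treated as safe.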
Got it. Thank you!