Limit available users for Dashboard Subscriptions and Pulses based on Collection

My organization is running a multi-tenant environment in which each tenant has their own data, collection, and user group.

Permissions have been set up so that each user group only has permission to see their own data and their own collection.

A security concern has appeared that I am unable to find a solution for online.

Despite the tenants being in separate user groups, a user creating a dashboard subscription or pulse will see all users in Metabase as available users / emails to send the exported questions to. This is very concerning as each tenant should have no potential exposure to other tenant's data.

It is very concerning that I am able to control permissions everywhere in this tool except for the export process. Is there any way to limit users or emails available in subscriptions and/or pulses?

At minimum, I would want each user group to only see users within their group in the dropdown menu for adding emails to a subscription or pulse.

Ideal requirements: Option to limit who can be sent exported data based on permissions for the collection that the dashboard was created in.

Hi @Dcushing57
Parts of this is already integrated in the Enterprise Edition, and more will come in the future, but it's unlikely that such functionality will be part of the free open source edition.
https://github.com/metabase/metabase/issues/14561

Hi @flamber thank you for the quick reply.

Could you please expand what exactly is integrated into the Enterprise Edition? I have looked at many discussion threads and documentation provided by Metabase but have unable to find anything about this.

My company was considering upgrading to the Enterprise Edition in the near future anyways as the number of tenants using this tool expands.

@Dcushing57 When users are Sandboxed, then they won't be able to see other users.