My organization is running a multi-tenant environment in which each tenant has their own data, collection, and user group.
Permissions have been set up so that each user group only has permission to see their own data and their own collection.
A security concern has appeared that I am unable to find a solution for online.
Despite the tenants being in separate user groups, a user creating a dashboard subscription or pulse will see all users in Metabase as available users / emails to send the exported questions to. This is very concerning as each tenant should have no potential exposure to other tenant's data.
It is very concerning that I am able to control permissions everywhere in this tool except for the export process. Is there any way to limit users or emails available in subscriptions and/or pulses?
At minimum, I would want each user group to only see users within their group in the dropdown menu for adding emails to a subscription or pulse.
Ideal requirements: Option to limit who can be sent exported data based on permissions for the collection that the dashboard was created in.