Permission: SQL questions cannot be viewed after granted "View access"

Hi Metabase Team,

I would like to report a bug in Metabase 0.34.0 related to permission.

According to Metabase Documentation about Collections:

View access: the user can see all the questions, dashboards, and pulses in the collection. If the user does not have permission to view some or all of the questions included in a given dashboard or pulse then those questions will not be visible to them; but any questions that are saved in this collection will be visible to them, even if the user doesn’t have access to the underlying data used to in the question.

This works as expected for Simple/Custom questions, but does not work as expected for SQL questions. In other words, SQL questions cannot be viewed by a user even after that user is granted either View access or Curate access to the collection where the question is located, and the Data Permission is either No Access or Data Access.

It has two different outputs depending on the Data Permission:

  • If Data Permission is No Access, then there is black pair of keys figure with black text saying “Sorry, you don’t have permission to see that.” (Figure 1)
  • If Data Permission is Data Access, then there is red diagonal cross inside circle figure with red text saying “You do not have permissions to run this query.” (Figure 2)


Figure 1 The output if Data Permission is No Access


Figure 2 The output if Data Permission is Data Access

Repeatable steps to reproduce the issue:

  1. Run metabase.jar for the first time
  2. Create admin account, e.g. admin@example.com
  3. As Admin, in People menu, create member account, e.g. member@example.com
  4. As Admin, in People menu, create group, e.g. Playground
  5. As Admin, in People menu, add member@example.com to Playground
  6. As Admin, in Permissions menu, adjust access for All Users for Sample Dataset to be either No access or Data Access, depending on the we want to reproduce result in Figure 1 or Figure 2
  7. As Admin, in Permissions menu, grant Playground for Our analytics to be either View collection or Curate collection (does not matter)
  8. As Admin, create a question using native query, e.g. select * from ORDERS;
  9. As Admin, save the question in Our analytics, e.g. as SQL question
  10. As Member, try to view the question
  11. Member would not be able to view the question, and the output is either Figure 1 or Figure 2

Thank you for your help.

Edit: This bug has also been reported in https://github.com/metabase/metabase/issues/11672.


Here’s the detail of Metabase in my system.

  • Browser and its version: Chrome Version 79.0.3945.88 (Official Build) (64-bit)
  • Operating system: macOS Mojave Version 10.14.6
  • The type of database(s) connected to Metabase: BigQuery
  • The version of Metabase run: 0.34.0
  • Metabase hosting environment: Docker
  • Metabase’s internal database type: PostgreSQL
2 Likes

greetings,

Also my metabase had an issue with the new version [v0.34.0] after upgrading.
I was running my metabase with [v0.33.6] version, Then I did an upgrade to [v0.34.0] version.
after that, everyday at morning the metabase turn off from itself and I should start it again. Starting from this week when I granted any user, this user will return as it was. this happens repeatedly with all users.

If anyone have been facing similar issue and knew what we should do

Thanks all,

This is a major problem for us - please fix!

Same for us – I’ve temporarily granted all users access to full data to resolve it, but it’s far from ideal

This bug has also been reported in https://github.com/metabase/metabase/issues/11672.