Permission: SQL questions cannot be viewed after granted "View access"

Hi Metabase Team,

I would like to report a bug in Metabase 0.34.0 related to permission.

According to Metabase Documentation about Collections:

View access: the user can see all the questions, dashboards, and pulses in the collection. If the user does not have permission to view some or all of the questions included in a given dashboard or pulse then those questions will not be visible to them; but any questions that are saved in this collection will be visible to them, even if the user doesn’t have access to the underlying data used to in the question.

This works as expected for Simple/Custom questions, but does not work as expected for SQL questions. In other words, SQL questions cannot be viewed by a user even after that user is granted either View access or Curate access to the collection where the question is located, and the Data Permission is either No Access or Data Access.

It has two different outputs depending on the Data Permission:

• If Data Permission is No Access, then there is black pair of keys figure with black text saying "Sorry, you don’t have permission to see that." (Figure 1)
• If Data Permission is Data Access, then there is red diagonal cross inside circle figure with red text saying "You do not have permissions to run this query." (Figure 2)

screencapture-localhost-3000-question-1-2020-01-06-13_25_181680×1896 99 KB

screencapture-localhost-3000-question-1-2020-01-06-13_25_451680×1896 146 KB

Repeatable steps to reproduce the issue:

1. Run metabase.jar for the first time
2. Create admin account, e.g. admin@example.com
3. As Admin, in People menu, create member account, e.g. member@example.com
4. As Admin, in People menu, create group, e.g. Playground
5. As Admin, in People menu, add member@example.com to Playground
6. As Admin, in Permissions menu, adjust access for All Users for Sample Dataset to be either No access or Data Access, depending on the we want to reproduce result in Figure 1 or Figure 2
7. As Admin, in Permissions menu, grant Playground for Our analytics to be either View collection or Curate collection (does not matter)
8. As Admin, create a question using native query, e.g. select * from ORDERS;
9. As Admin, save the question in Our analytics, e.g. as SQL question
10. As Member, try to view the question
11. Member would not be able to view the question, and the output is either Figure 1 or Figure 2

Thank you for your help.

Edit: This bug has also been reported in Permission: SQL questions cannot be viewed after granted "View access" · Issue #11672 · metabase/metabase · GitHub.

Here’s the detail of Metabase in my system.

• Browser and its version: Chrome Version 79.0.3945.88 (Official Build) (64-bit)
• Operating system: macOS Mojave Version 10.14.6
• The type of database(s) connected to Metabase: BigQuery
• The version of Metabase run: 0.34.0
• Metabase hosting environment: Docker
• Metabase’s internal database type: PostgreSQL

greetings,

Also my metabase had an issue with the new version [v0.34.0] after upgrading.
I was running my metabase with [v0.33.6] version, Then I did an upgrade to [v0.34.0] version.
after that, everyday at morning the metabase turn off from itself and I should start it again. Starting from this week when I granted any user, this user will return as it was. this happens repeatedly with all users.

If anyone have been facing similar issue and knew what we should do

Thanks all,

This is a major problem for us - please fix!

Same for us – I’ve temporarily granted all users access to full data to resolve it, but it’s far from ideal

This bug has also been reported in https://github.com/metabase/metabase/issues/11672.

I downloaded the 0.39.4 version and I have the same problem now. Someone knows how to solve it? Thanks

@riccardolinares You are not seeing this problem. You need to provide more information on how this problem occurs and logs (Admin > Troubleshooting > Logs).

The problem occurs when I try to create or edit a new native query on a mysql database. I have admin permissions.

I had a very old version of metabase installed (0.20.something) and I had no problem. Now I updated it to the last version just pushing the .jar file to the repo.

I have just noted that I have two custom domain pointing to the same installation on metabase. On one of the two I have no problem, on the second domain I got the error.
If I try to edit an existing query I got a Permission error.

I got this error when I try to save a native query starting from the homepage of the Metabase:

image2560×942 290 KB

{
"browser-info": {
"language": "it-IT",
"platform": "Win32",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
"vendor": "Google Inc."
},
"system-info": {
"file.encoding": "UTF-8",
"java.runtime.name": "OpenJDK Runtime Environment",
"java.runtime.version": "1.8.0_292-b10",
"java.vendor": "AdoptOpenJDK",
"java.vendor.url": "https://adoptopenjdk.net/",
"java.version": "1.8.0_292",
"java.vm.name": "OpenJDK 64-Bit Server VM",
"java.vm.version": "25.292-b10",
"os.name": "Linux",
"os.version": "5.12.14+",
"user.language": "en",
"user.timezone": "UTC"
},
"metabase-info": {
"databases": [
"postgres",
"h2",
"mysql"
],
"hosting-env": "unknown",
"application-database": "postgres",
"application-database-details": {
"database": {
"name": "PostgreSQL",
"version": "9.6.18"
},
"jdbc-driver": {
"name": "PostgreSQL JDBC Driver",
"version": "42.2.18"
}
},
"run-mode": "prod",
"version": {
"tag": "v0.39.4",
"date": "2021-06-15",
"branch": "release-x.39.x",
"hash": "f538050"
},
"settings": {
"report-timezone": null
}
}
}

@riccardolinares You are using CloudFlare - disable their WAF or captcha or whatever protection you're using:
https://www.metabase.com/docs/latest/troubleshooting-guide/proxies.html

Problem Solved. Many thanks!