Permissions and Collections for new users not restricting access

I love the new collections feature, my team were talking about the need for this just yesterday and it was great to see it implemented just after!

We have built a dashboard and added every question it uses to a collection, which one user group has access to. This user group does not have access to raw data or SQL in the admin set up. We created a new test user and added them to the group. When we log on with the test user, we can write queries, pull raw data, and see ALL dashboards.

We can’t add other staff members to metabase outside of our data analytics team until we have the ability to do this. Our databases contain sensitive information that not every staff member should be able to pull out raw. Likewise, we will want to create dashboards for snr management which should not be accessible to the rest of the company.

Is anyone else experiencing this, or maybe I’m doing something wrong in the permissions setup?

I’ve actually figured this out - I never disabled “All Users!”

@eoneill Do you recall if “All Users” was automatically given permissions to access the new collection, or did you add the permission at some point? I believe collections are supposed to start with no permissions (except admins)

They were automatically given permission to all data, including the questions in the collection, so all users could view. It actually makes perfect sense, I’d just missed it looking at the permissions settings

Hmm, when I create a new collection the only group that initially has access to it is the Administrators group, which is what I would expect (better to default deny). I’m not sure why you’re seeing something different. Can you try creating another collection and see which groups initially have access? Thanks.

Yep I made a new one and it was just as you outlined there. Thanks!