Personal collections allow to bypass database permissions


We have a simple use-case of the user having access to the database connection. At some point, we want to revoke such database permission, but since the database is still presented for other users, the user we won't to withdraw it from still can use his saved questions in a personal collection.

How can it be a workaround to disallow the user to see data from the database he no longer has permission to access? access

We assign each user to their dedicated group and then grant permission to the database for this group.

I will appreciate any advice!

You’re mixing data permissions with collection permissions. If a user doesn’t have data permissions it’s impossible they can access the data

Could you please clarify you answer in more detail :pray:

My point that at some time user had access to the DB and he saved the question based on the DB table inside his personal collection. Later when DB access was revoked, he still can access the saved question in his collection. (that queries DB directly)

If the user doesn't have db permissions, then those users can't query the DB, no matter where the question is located. The user you're mentioning has data permissions: e.g. no-self service or sql permissions