I have several individual questions (native and not part of the dashboard) that are shared with other users, but users don't see the ability to filter certain columns. This requires having some level of permission ? In my case, even users with Curate access don't see it.
Using latest version 0.46.3
What do you mean by filter certain columns ... you get the filter option there or i am wrong?
I have the filter option because I'm admin but a common user doesn't have the option and I don't know why.
Can you share what the common user is getting? The screenshot you shared has the filter option
Here is the screen for a common user, if the user clicks on the column header or hovers over it, it will not offer any action. It doesn't matter if the permission is view or curate.
Can you check the Developer tools console tab while you click the column title please
I found the below records in the console, it's a production DB (I don't have testing), hope there is no unrelated record between them. Tab 391 and database 6 belong to this case...
It appears when I refresh the page in the web browser, when I click on the column name, nothing appears.
[2300b14e-8a59-4ef2-bf50-fb263a506424] 2023-05-29T09:30:46+02:00 DEBUG metabase.server.middleware.log GET /api/card/391 200 22,8 ms (11 DB volani) Spojeni k aplikacni DB: 2/10 Vlakna Jetty: 12/50 (0 necinne, 0 v rade) (198 celkem aktivnich vlaken) Dotazu v behu: 0 (0 v rade)
[2300b14e-8a59-4ef2-bf50-fb263a506424] 2023-05-29T09:30:46+02:00 DEBUG metabase.server.middleware.log GET /api/collection/tree 200 13,5 ms (5 DB volani) Spojeni k aplikacni DB: 2/10 Vlakna Jetty: 11/50 (0 necinne, 0 v rade) (198 celkem aktivnich vlaken) Dotazu v behu: 0 (0 v rade)
[2300b14e-8a59-4ef2-bf50-fb263a506424] 2023-05-29T09:30:46+02:00 DEBUG metabase.server.middleware.log GET /api/database 200 16,4 ms (3 DB volani) Spojeni k aplikacni DB: 4/10 Vlakna Jetty: 12/50 (0 necinne, 0 v rade) (198 celkem aktivnich vlaken) Dotazu v behu: 0 (0 v rade)
[2300b14e-8a59-4ef2-bf50-fb263a506424] 2023-05-29T09:30:46+02:00 DEBUG metabase.server.middleware.log GET /api/search 200 10,3 ms (3 DB volani) Spojeni k aplikacni DB: 2/10 Vlakna Jetty: 12/50 (0 necinne, 0 v rade) (198 celkem aktivnich vlaken) Dotazu v behu: 0 (0 v rade)
[2300b14e-8a59-4ef2-bf50-fb263a506424] 2023-05-29T09:30:46+02:00 DEBUG metabase.server.middleware.log GET /api/bookmark 200 18,6 ms (1 DB volani) Spojeni k aplikacni DB: 0/10 Vlakna Jetty: 10/50 (0 necinne, 0 v rade) (198 celkem aktivnich vlaken) Dotazu v behu: 0 (0 v rade)
[2300b14e-8a59-4ef2-bf50-fb263a506424] 2023-05-29T09:30:46+02:00 DEBUG metabase.server.middleware.log GET /api/timeline 200 5,6 ms (3 DB volani) Spojeni k aplikacni DB: 1/10 Vlakna Jetty: 10/50 (2 necinne, 0 v rade) (198 celkem aktivnich vlaken) Dotazu v behu: 0 (0 v rade)
[2300b14e-8a59-4ef2-bf50-fb263a506424] 2023-05-29T09:30:46+02:00 DEBUG metabase.server.middleware.log GET /api/card/391 200 19,4 ms (11 DB volani) Spojeni k aplikacni DB: 0/10 Vlakna Jetty: 9/50 (2 necinne, 0 v rade) (198 celkem aktivnich vlaken) Dotazu v behu: 0 (0 v rade)
[2300b14e-8a59-4ef2-bf50-fb263a506424] 2023-05-29T09:30:46+02:00 DEBUG metabase.server.middleware.log GET /api/alert/question/391 200 2,1 ms (1 DB volani) Spojeni k aplikacni DB: 0/10 Vlakna Jetty: 9/50 (2 necinne, 0 v rade) (198 celkem aktivnich vlaken) Dotazu v behu: 0 (0 v rade)
[2300b14e-8a59-4ef2-bf50-fb263a506424] 2023-05-29T09:30:46+02:00 WARN metabase.server.middleware.log GET /api/database/6/schemas 403 5,7 ms (3 DB volani)
"You don't have permissions to do that."
[2300b14e-8a59-4ef2-bf50-fb263a506424] 2023-05-29T09:30:46+02:00 WARN metabase.server.middleware.log GET /api/table/52/query_metadata 403 5,1 ms (3 DB volani)
"You don't have permissions to do that."
Ok, clear, but when I click on the column name, nothing appears there. In fact, it doesn't even render the "arrow" in the frontend web browser...
> this is screenshot for admin user...
After a further investigation, it turns out that a common user must have the "Unrestricted" permission on database level. Is this the intended behavior?
This is not wanted because I don't want the user be able to browse all tables/raw data, I just want to allow them to filter the data in the existing question(s).
You can do granular permissions for specific tables
In the real world this will be hard to accomplish, there are about 900 tables in my connected databases, 50 are actively used currently. I have several question "editors" but they are not admins, every time they create question, they will have to go to me and verify/set permissions ? That will not work very smoothly 
It's even worse, if the question is written in pure SQL, then the common user must have "Native query editing" permission. This is wroooong. Even then it is not easy to filter the question, the user has to press the "Explore Result" button, then he can apply the filter in table.
