Am I missing something here? I can only completely revoke access or allow writing SQL queries.
The documentation (https://metabase.com/docs/latest/administration-guide/05-setting-permissions.html) suggests that you can choose “Write (and ready)”, “Read”, or “No sql query access”.
Is this possibly a bug?
My users can search and find a question, they have permission to the collection, but when they try to access a SQL question, they cannot use it.
Under Read SQL queries on the page you linked it also says:
… This access level requires the group to additionally have at least Limited data access for the database in question.
Is that the case in your setup?
That’s a good point to check.
They do have limited data access to the database as a whole. However, some schemas have “No Access” while other schemas have “Limited Access”.
You got me thinking though. I opened up Chrome inspector and found that the call to https://metabase/api/field/336 was getting 403 Forbidden. It turns out that one of the field filters was using a table that the permissions did not allow. Once I added that table as Unrestricted Access, the limited users were able to use the question.
So, I think I’m good. It was just hard to narrow down which of the particular permission checks were failing since the only error presented to the user is basically “You don’t have permission”.