Role-Based Connection to Snowflake in Metabase

Hey folks,

I'm playing with Snowflake and Metabase, trying to set up connections that change the Snowflake Role used in the session based on user or group attributes. I noticed in the Roadmap that they're working on a feature with this idea:

Warehouse-side row-level permissions - Move permission management to your DW by letting Metabase pass user information (PAID FEATURE).
Source

Before this gets released, I'm curious if anyone's found a workaround? Any tips or guidance would be super helpful.

Thanks in advance!

Gustavo

it's going to be released in v47, should be out next week

1 Like

Thanks for the update @Luiggi. :grinning:

Hey @Luiggi, regarding this topic.

I recently came across the new Impersonation Access feature in Metabase and I have a question about how caching behaves with this feature.

Let's consider a scenario where we have two users—User 1 and User 2. Both users connect to the same database but have different user attributes and roles.

Specifically, User 1 has access to Column A, while User 2 has a Snowflake Masking Policy applied to the same Column A.

Now, if User 1 runs the query SELECT A FROM USERS;, and then a few seconds later, User 2 runs the same query, what happens with Metabase's caching mechanism?

Will Metabase reuse the cached result from User 1's query for User 2, or will it recognize that the connection parameters are different between the two users and execute a new query?

I hope my question is clear.

Looking forward to hearing your insights.