We are currently considering shortlisting Metabase as one of our dashboard platforms. We are delighted to know that this platform support many of our desired functionalities. Kudos to the developers
One of our concerns in selecting dashboard is the user access control. Let’s go straight to an example;
A table in our database contains a column named region , it stores the region name information related to each row. We want our field team in each region to have an access to the dashboard, but they are supposed to have access only to the data related to their region. Thus, we need to restrict the dashboard display for each field users (e.g. something like adding WHERE region = <region_name> in SQL query).
We also want our field user to explore the dashboard (e.g. they can filter the date, sort columns, do pivot table, display only records with specific criteria) but still with the data for their region.
We explored Metabase and found out that we can create users groups, restrict user access to table level, and we can also restrict the access to questions collection. But we can’t find out how to configure Metabase as our description above.
It would be great if Metabase able to fulfill the requirements. Can we do that in the current version?
We don’t currently support row level access controls.
Depending on the number of regions, this might be solvable by creating views on top of that table for the specific regions and giving each team access to just that table.
I was wondering if there had been any further developments in including row level access controls?
In my situation I would like to be able to pass the metabase user id as a filter to the underlying SQL which annotates each row with a corresponding attribute that can be used to filtered the data that is returned to the application. I believe others have mentioned a similar scenario. Workarounds such as creating views can work but are operational tedious to maintain.
That said - pretty impressed by the product so far.
Row Level Security is absolutely a “must to have” feature if I would want to talk about metabase to anybody around. Protecting the data at the DB level is a paramount to any BI tool agnostic implementation. Sorry to hear that it is not available.
Can’t this be done with blocked parameters? Those parameters have to ve passed in runtime and the user don’t see them.
So a blocked parameter that filter the region and depending on the logged on user you pass the correspondent value.
Isn’t that what you need?
Row Level Security was released around 2019 and is part of our Data Sandboxing feature. This also includes RLS with Column-Level Security (CLS), and extras like row modification controls and the user attributes.
We are constantly improving Permissions, here's the latest as part of Metabase 50.
