Row level access (without enterprise edition :))

Is there a creative way to implement row-level access control. I know it is available in the enterprise. The only way I could think of is replicating questions for each group with a filter applied and creating multiple dashboards for each group. This is a lot of duplication of effort plus change tracking and implementation across questions & dashboards would be a nightmare.

Embed the dashboards, then have a filter set depending upon the user.

What @AndrewMBaines said.

Can alternatively write scripts to use the REST API to automate the creation and updates to all of those and stay in sync.

Write a script look for any new questions/additions under a target collection (bonus points for recursing through nested collections and preserving the structure). Create a JSON or XML file with a list of “groups” with whatever filtering needs to be done depending on the group. In your script have it use that master collection(s) to create a mirrored copy. If it doesn’t exist create it, if updated recently then update the copies. Have your script copy over each groups unique filters when doing the create/update.

Lastly when replacing the filter logic instead of just appending onto the EOF I’d add a simple Replace text step where you have some unique tag like /**! and !**/ then replace with that individual groups filter variable.

REPLACE($SQLQuery, '/**! FILTER LOGIC HERE !**/', $GroupFilterLogic)

If you really want to get into the weeds once you have those down I have a bunch of potential things you could add.


I am not sure I fully understood your solution. Sorry if it may be too basic but

  1. where do I start writing the script?
  2. Create a mirrored copy of what? (Metabase metadata?)
    Any examples would be very helpful.
  1. You can use any language. You can script or write it in an actual language but it was a general overview of what I’d recommend you do if you were knowledgeable enough to implement it.

  2. Mirrored copy of Metabase SQL Questions/collections which are sort of like files/folders and have it create and map to local files and folders and you’d want to write a program to create/maintain a mirrored copy between the two.

This isn’t something you’d want to attempt if you aren’t already an accomplished programmer and read through the API docs.