Is there a creative way to implement row-level access control. I know it is available in the enterprise. The only way I could think of is replicating questions for each group with a filter applied and creating multiple dashboards for each group. This is a lot of duplication of effort plus change tracking and implementation across questions & dashboards would be a nightmare.
Embed the dashboards, then have a filter set depending upon the user.
What @AndrewMBaines said.
Can alternatively write scripts to use the REST API to automate the creation and updates to all of those and stay in sync.
Write a script look for any new questions/additions under a target collection (bonus points for recursing through nested collections and preserving the structure). Create a JSON or XML file with a list of “groups” with whatever filtering needs to be done depending on the group. In your script have it use that master collection(s) to create a mirrored copy. If it doesn’t exist create it, if updated recently then update the copies. Have your script copy over each groups unique filters when doing the create/update.
Lastly when replacing the filter logic instead of just appending onto the EOF I’d add a simple Replace text step where you have some unique tag like /**! and !**/ then replace with that individual groups filter variable.
example:
REPLACE($SQLQuery, '/**! FILTER LOGIC HERE !**/', $GroupFilterLogic)
If you really want to get into the weeds once you have those down I have a bunch of potential things you could add.
Hi
I am not sure I fully understood your solution. Sorry if it may be too basic but
- where do I start writing the script?
- Create a mirrored copy of what? (Metabase metadata?)
Any examples would be very helpful.
-
You can use any language. You can script or write it in an actual language but it was a general overview of what I’d recommend you do if you were knowledgeable enough to implement it.
-
Mirrored copy of Metabase SQL Questions/collections which are sort of like files/folders and have it create and map to local files and folders and you’d want to write a program to create/maintain a mirrored copy between the two.
This isn’t something you’d want to attempt if you aren’t already an accomplished programmer and read through the API docs.