Row sandboxing and complex user access

Hi there, my company is considering Metabase Enterprise edition, but not sure if row-level sandboxing will fit our needs.

As far as I know, typically you compare an user attribute against a column to filter rows out. But we have a more complex set of permissions. I can write an SQL to return the primary keys of the rows a given user has access to. Or write an SQL to return the user ids that can access a given row.

But I am not sure how this can help with row checking, if the check only sees if a certain column is EQUAL to certain attributes - it seems a bit simplistic.

Any tips or ideas here?

Hi @michals

You can use advanced sandboxes to create queries that sandboxed based on that saved question.

There are some examples here (which can also be used to limit some columns):

But I would need to understand your structure better to be able give more direct advice.

I think I now understand how this advanced sandboxing would work. Sounds good, and I think it would solve the problem. Thank you!