If you hover the "No", then you'll see this tooltip (Native query editor access requires full data access):
You have to create another database connection, where you limit the privileges on the database, so Metabase doesn't even have access to the schema you want restricted.
Oh, I think what I was trying to achieve and your suggestion doesn't match.
I'm sorry for not being clear.
The user here is the user in Metabase, not the database user.
Say, I have 2 users, OPS and BI.
OPS is allowed to see data in schema production_pii while BI is not allowed to.
However, BI still needs access to create question/query in Metabase using other schemas.
Unfortunately, when I tried the steps above, it's not possible.
Do you have any solution for this @flamber?
@abed That's exactly what I recommended. Create a user on the database that doesn't have privileges to the schema and create a new database connection in Admin > Databases, which BI should have access to.
You cannot give SQL permissions without giving access to everything what the database credentials has privileges to. Metabase currently doesn't support parsing the SQL: https://github.com/metabase/metabase/issues/10525 - upvote by clicking on the first post