"Sorry, you don't have permission to see that" issue seen by admin, but doesn't persist

Get Help
1

I’m encountering permissions issues on occasion. I cannot produce these errors intentionally (or in the Sample database). The error message “Sorry, you don’t have permission to see this card.” showed up a few times when I was trying to create a model, view a dashboard or view a question. With the model creation, this happened in both the GUI builder and native queries interface.

In dashboards and questions, the error persists for a while and eventually after a few refreshes or if I try the action again later on, it works again. Sometimes it crops back up. (One of our customers reported something similar recently in the dashboards.)

In models, the error shows every time I try to edit the query. I can replicate this with sample data, see screenshots. I can preview a model that is just the table itself, but as soon as I add a summary function and hit the blue preview button, I get “Sorry, you don’t have permission to see that.”

Screenshot 2025-08-07 130558
Screenshot 2025-08-07 1305582833×1654 488 KB

Screenshot 2025-08-07 130626
Screenshot 2025-08-07 1306262835×1655 413 KB

Screenshot 2025-08-07 130637
Screenshot 2025-08-07 1306372837×1650 41 KB

I am not using a proxy, and I am an admin.

Logs from an error (when trying to create a model):

[5d9de7e7-fd57-4526-bf87-f8024acbcea6] 2025-08-07T11:56:02+01:00 DEBUG metabase.server.middleware.log GET /api/health 200 0ms (0 DB calls) App DB connections: 0/15 Jetty threads: 3/50 (10 idle, 0 queued) (120 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id nil} [5d9de7e7-fd57-4526-bf87-f8024acbcea6] 2025-08-07T11:56:03+01:00 DEBUG metabase.server.middleware.log GET /api/health 200 0ms (0 DB calls) App DB connections: 0/15 Jetty threads: 3/50 (10 idle, 0 queued) (120 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id nil} [5d9de7e7-fd57-4526-bf87-f8024acbcea6] 2025-08-07T11:56:07+01:00 DEBUG metabase.server.middleware.log GET /api/session/properties 200 40ms (13 DB calls) App DB connections: 0/15 Jetty threads: 3/50 (10 idle, 0 queued) (120 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id 12} [5d9de7e7-fd57-4526-bf87-f8024acbcea6] 2025-08-07T11:56:07+01:00 DEBUG metabase.server.middleware.log GET /api/user/current 200 21ms (10 DB calls) App DB connections: 0/15 Jetty threads: 4/50 (8 idle, 0 queued) (122 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id 12} [5d9de7e7-fd57-4526-bf87-f8024acbcea6] 2025-08-07T11:56:07+01:00 DEBUG metabase.server.middleware.log GET /api/bookmark 200 3ms (1 DB calls) App DB connections: 0/15 Jetty threads: 4/50 (9 idle, 0 queued) (122 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id 12} [5d9de7e7-fd57-4526-bf87-f8024acbcea6] 2025-08-07T11:56:07+01:00 DEBUG metabase.server.middleware.log GET /api/database 200 43ms (2 DB calls) App DB connections: 2/15 Jetty threads: 6/50 (7 idle, 0 queued) (122 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id 12} [5d9de7e7-fd57-4526-bf87-f8024acbcea6] 2025-08-07T11:56:07+01:00 DEBUG metabase.server.middleware.log GET /api/search 200 13ms (4 DB calls) App DB connections: 0/15 Jetty threads: 3/50 (9 idle, 0 queued) (122 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id 12} [5d9de7e7-fd57-4526-bf87-f8024acbcea6] 2025-08-07T11:56:08+01:00 DEBUG metabase.server.middleware.log GET /api/timeline 200 2ms (1 DB calls) App DB connections: 0/15 Jetty threads: 3/50 (10 idle, 0 queued) (122 total active threads) Queries in flight: 0 (0 queued) {:metabase-user-id 12}

Diagnostic info

{
  "browser-info": {
    "language": "en-GB",
    "platform": "Win32",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36",
    "vendor": "Google Inc."
  },
  "metabase-info": {
    "databases": [
      "postgres",
      "h2"
    ],
    "run-mode": "prod",
    "plan-alias": "",
    "version": {
      "date": "2025-03-18",
      "tag": "v0.53.7",
      "hash": "1cd6e9d"
    },
    "settings": {
      "report-timezone": null
    },
    "hosting-env": "unknown",
    "application-database": "postgres",
    "application-database-details": {
      "database": {
        "name": "PostgreSQL",
        "version": "16.8"
      },
      "jdbc-driver": {
        "name": "PostgreSQL JDBC Driver",
        "version": "42.7.4"
      }
    }
  },
  "system-info": {
    "file.encoding": "UTF-8",
    "java.runtime.name": "OpenJDK Runtime Environment",
    "java.runtime.version": "21.0.6+7-LTS",
    "java.vendor": "Eclipse Adoptium",
    "java.vendor.url": "https://adoptium.net/",
    "java.version": "21.0.6",
    "java.vm.name": "OpenJDK 64-Bit Server VM",
    "java.vm.version": "21.0.6+7-LTS",
    "os.name": "Linux",
    "os.version": "5.10.238-234.956.amzn2.x86_64",
    "user.language": "en",
    "user.timezone": "GMT"
  }
}
2

Can you upgrade to 0.55.11 which is our latest version and check if it happens to you there as well … I tested on our latest and i am not able to replicate

3

Are you running Metabase through a CDN (i.e., CloudFront, Cloudflare) or API Gateway (AWS) that has a WAF (Web Application Firewall) enabled? I’ve seen issues where the WAF takes issue with Metabase and rejects the query, returning a 403. The Metabase logs never show a 403 but if you look in the web browser’s console, you’ll see the request that generated the error has headers that indicate there is an intermediary in the web request.

If this is the case, you’ll need to whitelist Metabase through the WAF. Check the WAF logs to see what rule it’s tripping.

1 Like
4

That was it! We hadn’t changed our stack but suddenly started encountering this issue out of the blue (inspected network and yep, they were 403s). Whitelisting Metabase has done the trick. Thanks very much!

5

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.