SQL user attribute permission issues

Hi everyone,

I'm brand new to Metabase and I have a few permission questions.

Context: We have a SaaS application with lots of different businesses as clients. These clients need access to their data (which is on one central database) and we're trialing out metabase. We need a workflow where we create one dashboard with multiple questions (created via both SQL and the UI) and make it available to all clients, where each question is filtered down by their client_id - which is available as a column on every relevant table.

I've followed these steps

  • We have a user attribute which maps the client_id column to the users relevant client_id (each user = 1 company current)
  • They have granular access to each table - each client_id column is mapped to their client_id user attribute

This allows the client to view their data, without viewing anyone elses. I'm able to make a question (using the UI) in admin, put the question in the client specific folder and it filtering down automatically. However, I can't do this with SQL query questions - it doesn't seem to filter down. I would assume it should be as simple as appending a "where client_id = {client_id_user_attribute}" on the query but it doesn't seem to be the case.

I've run into this which seems useful, but it seems like it's permissions based around clients accessing their data for self-service, rather than my use case. I'm most likely missing something.

Would appreciate any help,
Thanks

Hi @ianlookout, contact us to the support email if you're going to use sandboxing or you plan to go Pro or Enterprise. We provide support during the trial period :slight_smile:

Sure @Luiggi, I've put through an email. Cheers

Another alternative is to use embedded dashboards and questions. Then you can pass through the id without the user seeing it or being able to change it.
Or, you could have multiple instances of Metabase with a different user account for each database connection, then use that to filter. Only works if the user doesn't want to add new questions.