I believe this to an essential feature for your customers who are creating custom solutions
A user can be created with permission revoked to edit SQL. But user can still view the SQL. I believe the correct behavior s/b that user cannot edit and cannot view the code. This may have been the intent as evident from the dialog box that appears when saving the users rights.
EDIT: There’s already an issue filed on it - go and upvote by clicking on the first post:
Like I said in the other post, there are other ways to view the query besides the editor window, so hiding the editor wouldn’t protect the query code.
Hello gents, back on this topic As far as I can tell, and experimented extensively with 0.33.2, there is no way to suppress question construction from a user, which giving user ability to execute a pulse
I want to suppress viewing of question construction for my future customers, to protect the IP.
- created a group and a test user in the group
- for the group, and in admin form,
Data permissions all X out
- I created a sub collection that contains only pulses. - test user full access properties to it (since user has to provide their email address for the pulse). The pulse content references questions in another subgroup that is X out.
- All other subcollections are X out.
Is there any way to protect questions construction from view while allowing the report content to be viewed?
If you don’t want any way of showing the query, then use a
stored procedure, which most databases support.
I think that the Metabase dev team missed a key feature of the system with regard to permissions.
How to restrict users from viewing SQL?
@beta That's already implemented in 0.36.0, when users don't have permissions to write SQL: