User without query editing access cannot open downloaded xlsx data after using the filters

Get Help
1

Hi,

I am struggling permission setting. Is there anyway that a user without the ability to write sql queries use the filters and download the data?

Ex:
I have 2 filters: Period and Date Filter

Period changes the date_trunc(Period, date_column) allowing the user to group the data by day, week, month, quarter, and year.

Date Filter allows for the range to change.

If the users changes the preset that I have, they are unable to open the excel file they are downloading. If they download it as a csv they are getting one row and second column says permission error.

Is there already a ticket about this issue?

Thank you,
Vinayak

{
  "browser-info": {
    "language": "en-US",
    "platform": "MacIntel",
    "userAgent": "Chrome/84.0.4147.89",
    "vendor": "Google Inc."
  },
  "system-info": {
    "file.encoding": "UTF-8",
    "java.runtime.name": "OpenJDK Runtime Environment",
    "java.runtime.version": "11.0.7+10",
    "java.vendor": "AdoptOpenJDK",
    "java.vendor.url": "https://adoptopenjdk.net/",
    "java.version": "11.0.7",
    "java.vm.name": "OpenJDK 64-Bit Server VM",
    "java.vm.version": "11.0.7+10",
    "os.name": "Linux",
    "os.version": "4.14.181-140.257.amzn2.x86_64",
    "user.language": "en",
    "user.timezone": "GMT"
  },
  "metabase-info": {
    "databases": [
      "postgres",
      "h2",
      "redshift"
    ],
    "hosting-env": "elastic-beanstalk",
    "application-database": "postgres",
    "application-database-details": {
      "database": {
        "name": "PostgreSQL",
        "version": "11.6"
      },
      "jdbc-driver": {
        "name": "PostgreSQL JDBC Driver",
        "version": "42.2.8"
      }
    },
    "run-mode": "prod",
    "version": {
      "date": "2020-05-28",
      "tag": "v0.35.4",
      "branch": "release-0.35.x",
      "hash": "b3080fa"
    },
    "settings": {
      "report-timezone": null
    }
  }
}
2

Hi @VinayakK
Can you check the Admin > Troubleshooting > Logs for the full error generated?

3

Hi @flamber,

I could not find the error in the logs but this is what printed out in the csv when I downloaded it with the filters

**{"database_id":5** started_at:"2020-07-30T20:26:13.469649Z" error_type:"missing-required-permissions" json_query:{"type":"native" middleware:{"skip-results-metadata?":true format-rows?:false} native:{"query":"select\nt.name as \"Practice\" \ndate_trunc({{Period}} pc.created_at) as date \ncount(pc.code)\nfrom \"go\".connections c \nright join (select * from \"go\".participant_codes [[where {{DateFilter}}]]) pc \non c.participant_code_id = [pc.id](http://pc.id) \njoin \"go\".connection_templates ct \non [ct.id](http://ct.id) = pc.connection_template_id \njoin \"go\".teams t \non [t.id](http://t.id) = ct.team_id \nwhere ct.connection_product_id is null \nand t.is_dev = 'False'\ngroup by 1 2\norder by 2 1;" template-tags:{"Period":{"id":"9a1cac24-1fad-bdeb-c738-cd895c5c7e0f" name:"Period" display-name:"Period" type:"text" default:"month" required:true} DateFilter:{"id":"838f6aaf-0e9b-7d28-ab91-7fd15124e136" name:"DateFilter" display-name:"Datefilter" type:"dimension" dimension:["field-id" 2529] widget-type:"date/all-options" default:null}}} database:5 parameters:[{"type":"category" target:["variable" ["template-tag" Period]] value:"month"} {"type":"date/all-options" target:["dimension" ["template-tag" DateFilter]] value:"2020-06-01~2020-09-30"}] async?:true cache-ttl:null} status:"failed" class:"class clojure.lang.ExceptionInfo" stacktrace:["--> query_processor.middleware.permissions$perms_exception.invokeStatic(permissions.clj:30)" query_processor.middleware.permissions$perms_exception.invoke(permissions.clj:29) query_processor.middleware.permissions$fn__42280$check_ad_hoc_query_perms__42285$fn__42286.invoke(permissions.clj:43) query_processor.middleware.permissions$fn__42280$check_ad_hoc_query_perms__42285.invoke(permissions.clj:38) query_processor.middleware.permissions$fn__42312$check_query_permissions_STAR___42317$fn__42323.invoke(permissions.clj:54) query_processor.middleware.permissions$fn__42312$check_query_permissions_STAR___42317.invoke(permissions.clj:47) query_processor.middleware.permissions$check_query_permissions$fn__42338.invoke(permissions.clj:63) query_processor.middleware.pre_alias_aggregations$pre_alias_aggregations$fn__43813.invoke(pre_alias_aggregations.clj:40) query_processor.middleware.cumulative_aggregations$handle_cumulative_aggregations$fn__42536.invoke(cumulative_aggregations.clj:61) query_processor.middleware.resolve_joins$resolve_joins$fn__44345.invoke(resolve_joins.clj:183) query_processor.middleware.add_implicit_joins$add_implicit_joins$fn__39271.invoke(add_implicit_joins.clj:245) query_processor.middleware.limit$limit$fn__43135.invoke(limit.clj:38) query_processor.middleware.format_rows$format_rows$fn__43116.invoke(format_rows.clj:81) query_processor.middleware.desugar$desugar$fn__42602.invoke(desugar.clj:22) query_processor.middleware.binning$update_binning_strategy$fn__41628.invoke(binning.clj:229) query_processor.middleware.resolve_fields$resolve_fields$fn__42144.invoke(resolve_fields.clj:24) query_processor.middleware.add_dimension_projections$add_remapping$fn__38807.invoke(add_dimension_projections.clj:270) query_processor.middleware.add_implicit_clauses$add_implicit_clauses$fn__39027.invoke(add_implicit_clauses.clj:147) query_processor.middleware.add_source_metadata$add_source_metadata_for_source_queries$fn__39420.invoke(add_source_metadata.clj:105) query_processor.middleware.reconcile_breakout_and_order_by_bucketing$reconcile_breakout_and_order_by_bucketing$fn__44010.invoke(reconcile_breakout_and_order_by_bucketing.clj:98) query_processor.middleware.auto_bucket_datetimes$auto_bucket_datetimes$fn__41269.invoke(auto_bucket_datetimes.clj:125) query_processor.middleware.resolve_source_table$resolve_source_tables$fn__42191.invoke(resolve_source_table.clj:46) query_processor.middleware.parameters$substitute_parameters$fn__43795.invoke(parameters.clj:97) query_processor.middleware.resolve_referenced$resolve_referenced_card_resources$fn__42243.invoke(resolve_referenced.clj:80) query_processor.middleware.expand_macros$expand_macros$fn__42858.invoke(expand_macros.clj:158) query_processor.middleware.add_timezone_info$add_timezone_info$fn__39451.invoke(add_timezone_info.clj:15) query_processor.middleware.splice_params_in_response$splice_params_in_response$fn__47166.invoke(splice_params_in_response.clj:32) query_processor.middleware.resolve_database_and_driver$resolve_database_and_driver$fn__44021$fn__44025.invoke(resolve_database_and_driver.clj:33) driver$do_with_driver.invokeStatic(driver.clj:61) driver$do_with_driver.invoke(driver.clj:57) query_processor.middleware.resolve_database_and_driver$resolve_database_and_driver$fn__44021.invoke(resolve_database_and_driver.clj:27) query_processor.middleware.fetch_source_query$resolve_card_id_source_tables$fn__43064.invoke(fetch_source_query.clj:243) query_processor.middleware.store$initialize_store$fn__47175$fn__47176.invoke(store.clj:11) query_processor.store$do_with_store.invokeStatic(store.clj:46) query_processor.store$do_with_store.invoke(store.clj:40) query_processor.middleware.store$initialize_store$fn__47175.invoke(store.clj:10) query_processor.middleware.cache$maybe_return_cached_results$fn__42120.invoke(cache.clj:209) query_processor.middleware.validate$validate_query$fn__47184.invoke(validate.clj:10) query_processor.middleware.normalize_query$normalize$fn__43162.invoke(normalize_query.clj:22) query_processor.middleware.add_rows_truncated$add_rows_truncated$fn__39289.invoke(add_rows_truncated.clj:36) query_processor.middleware.results_metadata$record_and_return_metadata_BANG_$fn__47151.invoke(results_metadata.clj:124) query_processor.middleware.constraints$add_default_userland_constraints$fn__42479.invoke(constraints.clj:42) query_processor.middleware.process_userland_query$process_userland_query$fn__43884.invoke(process_userland_query.clj:136) query_processor.middleware.catch_exceptions$catch_exceptions$fn__42422.invoke(catch_exceptions.clj:174) query_processor.reducible$async_qp$qp_STAR___38090$thunk__38091.invoke(reducible.clj:101) query_processor.reducible$async_qp$qp_STAR___38090$fn__38093.invoke(reducible.clj:106)] context:"csv-download" error:"You do not have permissions to run this query." row_count:0 running_time:0 ex-data:{"type":"missing-required-permissions" required-permissions:["/db/5/native/"] actual-permissions:["/db/5/schema/go/table/335/" /db/5/schema/go/table/287/ /db/5/schema/go/table/358/ /db/5/schema/go/table/350/ /db/5/schema/rails/table/328/ /db/5/schema/rails/table/337/ /db/5/schema/rails/table/294/ /db/5/schema/rails/table/329/ /db/5/schema/rails/table/316/ /db/5/schema/go/table/282/ /db/5/schema/public/ /db/5/schema/go/table/288/ /db/5/schema/go/table/355/ /db/5/schema/go/table/319/ /db/5/schema/go/table/310/ /db/5/schema/go/table/441/ /db/5/schema/rails/table/344/ /collection/root/ /db/5/schema/go/table/297/ /db/5/schema/go/table/318/ /collection/10/ /db/5/schema/go/table/443/ /db/5/schema/go/table/280/ /db/5/schema/go/table/292/ /db/5/schema/rails/table/293/ /db/5/schema/rails/table/341/ /db/5/schema/go/table/322/ /db/5/schema/go/table/348/ /db/5/schema/go/table/284/ /db/5/schema/go/table/285/ /db/5/schema/rails/table/339/ /db/5/schema/rails/table/324/ /db/5/schema/rails/table/352/ /db/5/schema/go/table/347/ /db/1/ /db/5/schema/go/table/299/ /db/5/schema/go/table/305/ /db/5/schema/go/table/325/ /db/5/schema/go/table/332/ /db/5/schema/rails/table/303/ /db/5/schema/go/table/353/ /db/5/schema/go/table/323/ /db/5/schema/rails/table/345/ /db/5/schema/go/table/291/ /collection/12/ /db/5/schema/rails/table/307/ /db/5/schema/rails/table/338/] permissions-error?:true} data:{"rows":[] cols:[]}}

4

@VinayakK I’m fairly sure you’re seeing this issue:
https://github.com/metabase/metabase/issues/12745
It was fixed in 0.36.0 - latest release is 0.36.2 - remember to backup before upgrading, since it’s not possible to downgrade from 0.36.0

5

Hi @flamber,

Thank you! I did will take backups and upgrade.

Best,
Vinayak