View-only permission issues and considerations


We use Metabase to build dashboards for our external partners to showcase payment trends via our services. The dashboards look sleek and professional, thanks for the great platform :slight_smile: Generally we follow the idea of presenting the dash in a 'as is' status, meaning we don't want partners to tinker around and create their own dashboards. But recently we have been encountering issues with such approach, so I wanted to ask/check regarding the few points below:

  1. Account credentials. Right now, if you know credentials of an account, you can change an email and password of the account without admins being notified. F.e. we can give access to partner contact or their team, and they can change it to any personal email or email, change password and no notifications will be shown to admins. I believe activity feed also doesn't show these kind of changes.
    Is there a way to configure notifications to be sent to admins whenever a user changes their email/password?

  2. Currently, if user has no data permission, drop-down field filters or auto-completing don't work. But, the issue with granting users access to data is that there is no way to stop users from a) creating their own questions; b) going to 'browse data' and attempting to download the entire table. Both can cause issues to server in case of big tables.

Are you looking into possibility to have a different set of permissions to allow reading from a table via questions/dashboards, but no ability to do anything else with data?

  1. Users can create their own dashboards from questions even if they have no data access. We've had 1 case of a person copying all of questions with different filters several times over from a collection they had read-only access to and creating a dash in their personal collection. A singular case ofc, but every time that personal dash was opened, the overall performance was slowed down for a bit as it was using quite a lot of data, so we had to investigate why.
    Is there anything in plans to stop users from creating their own dashboards in personal space, especially when they have only read access to questions is a collection?

I saw somewhere that you mentioned that 0.40 will bring some changes to permissions logic, would love to know if any of the topics above are touched upon. Thank you

Hi @stefkozak

  1. You should setup SSO if you want to control the users separately. There's an issue open for not providing some of the information:
    And we're working on several things to log changes throughout - some might be available in the Open Source, while others will be available in the Enterprise Edition as parts of the Audit logs:
  2. We're working on several issues involving filters and dropdowns - some of those fixes might land in 39.x, others in 40.x and later.
  3. This is a thin-lined sword. I know a lot who uses the read-only access to create templates, so the users can duplicate dashboard/questions without changing the templates.
    I think your use-case is slightly different from what the intended goal of Personal Collections was, but I know we're looking into various aspects of that, but will likely be 41+
    A workaround for you is to create a database trigger, which prevents creation of dashboard/questions in Personal Collections.

Thank you for the swift answers @flamber

  1. We're using Google Auth for our internal users, will discuss with team how scalable it to use for each partner's domain as this has not been an issue so far
  2. Noted, looking forward to updates.
  3. Never thought of using it that way. In such a case, removing the functionality does not make a sense indeed