I set access permissions for the group [“view_query”, “execute_query”, “list_dashboards”]).
The user really stops seeing the request code and the “Edit Source” button has disappeared.
The url looks like this (… / queries / 77? P_Date.start = 2019-12-01 & p_Date.end = 2019-12-31 # 193).
But the user simply changes the url to: (… / queries / 77 / source? P_Date.start = 2019-12-01 & p_Date.end = 2019-12-31 # 193). Now it is unlimited in anything and can view the request code:
How did you “set access permissions”? I can’t find any reference in the documentation to using fine grained access controls like this, only “Full Control” or “View”.
That sounds like you’re hacking the application database to set these permissions, so I wouldn’t expect that to work reliably unless it’s a documented feature.
Login or sign up disabled while the site is in read only mode