Error when running a query with parameters without full access to a given datasource


#1

I created a query with parameters (eg: SELECT 'test' WHERE 1 = {{parameter}}) and an user without full access to the datasource can not use this new query.

As I am not sure if this is already addressed in newer versions, I am reporting it on this forum instead of creating a new issue on Jira.

Steps to Reproduce the Problem:

  1. Login as an user with full access to a given MySQL datasource
  2. Create a query that uses parameters based on this datasource (eg: SELECT 'test' WHERE 1 = {{parameter}})
  3. Add the query to a dashboard
  4. Login as an user with only access to the given MySQL datasource
  5. Now try to access the dashboard / apply filters to the query

A message “Error running query: You do not have permission to run queries with this data source.” will be shown.

The expected behavior would be the read only user to be able to run this query. OR a new permission would be created to let users run queries changing parameters values without changing queries code.

Technical details:

  • Redash Version: 0.11.1 + b2095
  • Browser / OS: Google Chrome, Windows 7
  • How did you install Redash: not sure, it was already installed

#2

I have encountered the same problem in v1.0.1+b2833.
Users in a group which has View Only access to its data source cannot view the query result,
showing ‘Error running query: You do not have permission to run queries with this data source’.


#3

Any thoughts on this?

I think it is reasonable to expect that view-only users are able to refresh queries with query param.

So I think we could go either

  • Create new permission set “View + Exec” aside from “View Only” and “Full Control”?
  • Change View Only permission set and add ‘execute_query’ to it by default?

#4

I have the same issue for queries with parameters( select * from test where {{parameter_name}}=1 ) for View Only access users.
It displays the error “Error running query: You do not have permission to run queries with this data source.” for queries with parameters.

Does anybody found the way how to avoid that issue?

Redash version: Redash 2.0.0+b2990


#5

Hi,

I’m using Redash 4 here and facing the same issue. I’ve found the line of code (https://github.com/getredash/redash/blob/master/redash/handlers/query_results.py #119) responsible for this error message and it really requires that the current user has full access to the data source (please note “not_view_only” as the last parameter):

if not has_access(data_source.groups, self.current_user, not_view_only):
return {‘job’: {‘status’: 4, ‘error’: ‘You do not have permission to run queries with this data source.’}}, 403

I don’t know if this is intended to work as is or it’s a bug…

Bye for now!

Arnaldo