1

Hi All,
We already have a query result db but I need to limit access to other queries/dashboards using the same data source. Therefore I was thinking about creating another query result db and using that specifically for the dashboard I want to expose. Is this a recommended approach? Please advise.

I looked for dashboard level permissions but that doesn’t seem to be a feature in Redash…yet.

Version: 8.0.0+b32245 (a16f551e)

2

This can work but it’s not going to be as clean as you think. Dashboards don’t use data sources. It’s the queries that use them. So you’ll need to create queries against this new QRDS and then assemble a dashboard.

Redash doesn’t have the best permissions model for this. Hoping to see this change in the next year or so.

3

You’re absolutely right @jesse. It won’t be straight forward for sure but better than recreating the dashboards in Superset. I realized that since I can only limit a new user group to query result data source the end users would be able to see all queries hitting the query result data source, that’s why I opted for a 2nd query result db. Just to confirm my understanding, but the new query result (named something different) shouldn’t interfere/impact the existing one correct?

4

Right. You can have multiple QRDS. They don’t affect each other.

Mind you: the users will still need access to the other non-QRDS data sources. Otherwise they won’t see any data in the dashboards.

5

Thanks for the heads up. I actually created a new group and gave access to query_results data source and 1 out of the 3 dashboards gave an error. Looks like it’s hitting non-QRDS data source :frowning:

6

That’s the point! QRDS still checks the permissions of the underlying queries…

You can’t use QRDS as a proxy to grant access to data that users don’t have access to explicitly via other data source permissions.

7

From the docs:

Query Results Permissions

Access to the Query Results Data Source is governed by the groups it’s associated with like any other Data Source. But Redash will also check if a user has permission to execute queries on the Data Sources the original queries use.

As an example, a user with access to the QRDS cannot execute SELECT * FROM query_123 if query 123 uses a data source to which that user does not have access. They will see the most recently cached QRDS query result from the query screen in Redash. But they will not be able to execute the query again.