Restricted Access

Hi there

We love Redash! Just want some guidance on a specific scenario.

We have a full replica of our database available in redash, but there is a cohort of users we want to only be able to see specific queries and use them in a read-only mode (but allow them to use the parameters).

It looks like we can isolate based on groups to specific data sources, and I was wondering if I can make a query into a data source, and then build the query on top of that? Or any better suggestion?

The people involved are semi-trusted, but we’d just like this measure of control

We’re running self hosted Version: 7.0.0+b17535 (15c815fb)

Thanks!

From the docs:

Access to the Query Results Data Source is governed by the groups it’s associated with like any other Data Source. But Redash will also check if a user has permission to execute queries on the Data Sources the original queries use.

So that won’t work for your needs. We’re working to improve the story around permissions for a future release. For the time-being I’d recommend the following:.

  1. Create a user in your replica database with permissions to only the tables or rows your semi-trusted users should see.
  2. Create a Data Source in Redash with the account from step one.
  3. Create a group in Redash with View Only access to the DS from step two. View only access will stop group members from creating new queries.
  4. Use an Admin account to make the queries.

If these semi-trusted users need to use parameters then you should upgrade to Redash V8 which came out earlier this month. Prior to V8 parameters were only available to users with Full Access to a data source. All parameters except Text Type parameters are available to Read Only users as of V8.

If you don’t want these semi-trusted users to even see the queries at play, you can use dashboard secret links.