You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Users can Edit a Model Query using Native Query editor Without Having PermessionPermission
To Reproduce
a. Create a Group with preview-only access and add a user to this group only.
b. Disable Native Query Editor for this Group.
c. Create a user with model creation access.
d. Create a model with native query enabled and add it to the analytics collection.
e. Log in as the user from the newly created group.
f. Navigate to the newly created model.
g. Attempt to edit the model query.
Expected behavior
The user from the group with preview-only access, and with the Native Query Editor restricted, should not be able to edit the model query. The system should enforce the read-only access level set for the group, preventing any modifications to the model's query.
Logs
the log will be no use case for this.
Information about your Metabase installation
Version 124.0.6367.201 (Official Build) (64-bit)Windows 11MySql 0.49.8Jar File on UbuntuMySql
Severity
Altering Security and access rights
Additional context
No response
The text was updated successfully, but these errors were encountered:
Describe the bug
Users can Edit a Model Query using Native Query editor Without Having PermessionPermission
To Reproduce
a. Create a Group with preview-only access and add a user to this group only.
b. Disable Native Query Editor for this Group.
c. Create a user with model creation access.
d. Create a model with native query enabled and add it to the analytics collection.
e. Log in as the user from the newly created group.
f. Navigate to the newly created model.
g. Attempt to edit the model query.
Expected behavior
The user from the group with preview-only access, and with the Native Query Editor restricted, should not be able to edit the model query. The system should enforce the read-only access level set for the group, preventing any modifications to the model's query.
Logs
the log will be no use case for this.
Information about your Metabase installation
Severity
Altering Security and access rights
Additional context
No response
The text was updated successfully, but these errors were encountered: