
Metabase: row level security


I am currently using the free version of Metabase for learning and testing purposes. I've set up two dashboards for two different users based on hardcoding state names into the filters. The expectation is that users should only be able to view data for their respective states.

For example, if a user from Karnataka logs in, they should only see data related to Karnataka, and similarly for another user from a different state.

The Problem: When a user from Karnataka logs in, they are initially presented with the correct data. However, if they manually modify the URL and change the query parameter from select_state=Karnataka to another state like select_state=Kerala, they can then access data for Kerala, which should not be permitted.

For example:

Original URL (working as expected): /dashboard/4-state-report-karnataka?state_param=Karnataka

Image of Original URL

Modified URL (security issue): /dashboard/4-state-report-karnataka?state_param=Kerala

Image of Modified URL

I would appreciate your help in fixing this issue or guiding me towards the correct way to implement state-specific access restrictions that cannot be overridden by URL changes.

Thank you for your attention to this matter!

Created two dashboards, one for each state user, with the same question card, but state user-1 logs in, manipulates the URL and sees the other state's data.

This unauthorised access exposes data from other states, which breaks the intended state-specific restrictions. My expectation was that each user would be restricted to their own state data, regardless of any changes they make to the URL.


Solution

  • My name is Luis and I work for the Metabase Success Engineering team

    The problem that you're trying to solve here is to make internal users (in this specific case) see their data and not be able to change the filters. Metabase has a feature called "Data Sandboxes" (https://www.metabase.com/docs/latest/permissions/data-sandboxes) that allows administrators to use user properties that are injected into the query that arrives at the data warehouse, without the user being able to modify the query at all (the rewriting happens on the backend).

    We put a lot of effort and people's time into the documentation of the product, so please use that before looking for answers somewhere else. Most probably every single need is either addressed there or we have an issue created in our public GitHub issue tracker.
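The following is an added example written for this page; it is not Metabase code and does not use the Metabase API. It models, with an in-memory SQLite "warehouse", the two patterns discussed in the question and the answer: a dashboard whose only restriction is the `state_param` value the browser sends (so the user controls it), next to a backend-enforced row filter in the style of a Data Sandbox, where the predicate is built from an attribute of the authenticated user and ANDed onto every query, so a URL filter can narrow the result but never widen it. The table name `state_reports`, the column names, the `SANDBOX_POLICY` mapping, the `User` class and the sample rows are all made up for the illustration.

```python
"""Added example (not Metabase code): a URL filter is not an access
control; a server-side predicate derived from the authenticated user is.
Names of tables, columns and attributes are assumptions for the demo."""
import sqlite3
from dataclasses import dataclass, field

# Constructed sample data: a few rows per state.
SAMPLE_ROWS = [
    ("Karnataka", "Bengaluru", 120),
    ("Karnataka", "Mysuru", 45),
    ("Kerala", "Kochi", 80),
    ("Kerala", "Thiruvananthapuram", 60),
]


def build_warehouse() -> sqlite3.Connection:
    """Create the toy warehouse in memory and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE state_reports (state TEXT, district TEXT, cases INTEGER)")
    conn.executemany("INSERT INTO state_reports VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


@dataclass
class User:
    """An authenticated user plus the login attributes an admin assigned.
    The sandbox reads these; the user cannot edit them from the UI/URL."""
    email: str
    attributes: dict = field(default_factory=dict)


# Sandbox policy (assumed shape): table -> (column, user attribute it must equal).
SANDBOX_POLICY = {"state_reports": ("state", "state")}


def vulnerable_query(conn: sqlite3.Connection, url_params: dict) -> list:
    """The pattern from the question: the only row restriction is the value
    that arrived in the URL, so whoever edits the URL chooses the state."""
    state = url_params.get("state_param")
    if state is None:
        return conn.execute("SELECT state, district, cases FROM state_reports").fetchall()
    return conn.execute(
        "SELECT state, district, cases FROM state_reports WHERE state = ?", (state,)
    ).fetchall()


def sandboxed_query(conn: sqlite3.Connection, user: User, url_params: dict) -> list:
    """Backend-enforced restriction: the mandatory predicate comes from the
    user's attribute, and any client-supplied filter is ANDed on top of it."""
    column, attr_name = SANDBOX_POLICY["state_reports"]
    if attr_name not in user.attributes:
        # A user without the attribute gets no rows, never all rows (fail closed).
        return []
    # `column` comes from the admin-defined policy, not from the request,
    # so interpolating it is safe; all values go through bound parameters.
    predicates = [f"{column} = ?"]
    args = [user.attributes[attr_name]]
    if "state_param" in url_params:
        predicates.append("state = ?")
        args.append(url_params["state_param"])
    sql = "SELECT state, district, cases FROM state_reports WHERE " + " AND ".join(predicates)
    return conn.execute(sql, args).fetchall()


def states_in(rows: list) -> set:
    """Which states appear in a result set."""
    return {row[0] for row in rows}


def demo() -> tuple:
    """Replay the tampered URL from the question against both patterns.
    Returns (states leaked by the URL-only filter, states the sandbox returned)."""
    conn = build_warehouse()
    karnataka_user = User("k@example.com", {"state": "Karnataka"})
    tampered = {"state_param": "Kerala"}  # the manually edited URL parameter
    leaked = states_in(vulnerable_query(conn, tampered))
    kept = states_in(sandboxed_query(conn, karnataka_user, tampered))
    return leaked, kept


if __name__ == "__main__":
    leaked, kept = demo()
    print("URL-only filter returned:", leaked)   # the other state's data
    print("sandboxed query returned:", kept)     # nothing outside Karnataka
```

The point to check in any real deployment is the same as in `sandboxed_query`: the restricting predicate must be attached by the server from something the user cannot edit (a login attribute set by an admin), and a user without the attribute must get no rows rather than all rows.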