Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

View-only users cannot execute queries with parameters

See original GitHub issue

Issue Summary

Not an issue maybe, but at least a problematic behaviour for us.

Steps to Reproduce

Create a query with query parameters
Set the datasource for this query to a datasource where another user has only the view-only permission
With this other user, try to inject parameters and then click the refresh button
See this error message

I expect it to be okay (or at least that can be allowed) to execute queries with query parameters for view-only users.

Technical details:

Redash Version: 0.11.0+b1959
Browser/OS: Chrome / OS X
How did you install Redash: AMI

Issue Analytics

State:
Created 7 years ago
Reactions:1
Comments:15 (5 by maintainers)

Top GitHub Comments

10reactions

wichertcommented, May 29, 2017

Why was this ticket closed? As far as I can see this problem still remains.

8reactions

jgouxcommented, Jan 16, 2018

I needed to organize my groups into 3 categories :

admin : have all permissions
default : have no permission
readonly : have readonly permissions and can execute queries with parameters

This is what I did in database in order to achieve my organisation, all the values concern the table groups and the column permissions

admin : {admin,super_admin,create_dashboard,create_query,edit_dashboard,edit_query,view_query,view_source,execute_query,list_users,schedule_query,list_dashboards,list_alerts,list_data_sources}
default : {}
readonly : {list_dashboards,view_query,execute_query}

In order to be able to run parametrized queries as a member of the readonly group, you need to define the datasources for the group as Full Access or it won’t work!

Hope this helps 👍