View only user can edit the Query Library! And see Create a web app option

I have a Affiliate user group that is very locked down - they can only view certain apps, use certain resource and so on. Also the All Users group can basically do nothing.

If they go to their Default Workspace like this:


It opens the normal App view, all of the Create App/Database/Resource options show up. These are not functional thankfully!

If you click the hide link in the upper right is goes away and I can't find a way to get it back.

But the Query Library tab is there and they can make changes there!

This is on Cloud.

Thanks for flagging this @bradlymathews!

The Create App/Database/Resource issue repros for me as well, I'll pass it along to the dev team.

For the query library issue - what permissions do those users have on the query library?

In order to fully hide the QL tab they would need to be set to No access in all of their groups:

With Use queries in apps they should be able to see the QL tab and run the queries but not edit them.

I missed that setting in All Users - was set to Edit queries there. I now have All Users set to Use queries in apps, editors and admins to Edit queries and everyone else to No Access.

Now they can still see the queries, but not edit them. They really, really should be even be able to see them though. We will be giving customers access to certain apps and we don't want them seeing any of the sausage making or other proprietary secrets. Anything else I am missing?

Not that I'm aware of :pensive: I surfaced it as a feature request with the dev team. And will follow up here if it gets included.

Any updates on the above topic?

I have a similar problem when I want users to be able to use queries from the Query Library in my apps but not run or see them on the Query Library tab.

Right now users with Use queries in apps can access /querylibrary endpoint where they can see and run queries that could end up with data corruption.

Hi @Mathias, as @bradlymathews mentioned, we currently cannot hide some of the sausage making steps of our organization. However, we can choose which queries we want to share with our users. In addition to the "Use Only" configuration in "Permission Groups" (available on Business plan and above), we can also share specific queries in our "Query Library."

Permissions setting for custom user group:

Here are two queries I created using the same "Resource", and I shared only one with my users:

This is what my users see on their end:

We don't have any updates yet on the Feature Request to hide the QL from those with run permissions, but we will keep you posted on any updates. :slightly_smiling_face: