I have a Affiliate user group that is very locked down - they can only view certain apps, use certain resource and so on. Also the All Users group can basically do nothing.
If they go to their Default Workspace like this:
It opens the normal App view, all of the Create App/Database/Resource options show up. These are not functional thankfully!
I missed that setting in All Users - was set to Edit queries there. I now have All Users set to Use queries in apps, editors and admins to Edit queries and everyone else to No Access.
Now they can still see the queries, but not edit them. They really, really should be even be able to see them though. We will be giving customers access to certain apps and we don't want them seeing any of the sausage making or other proprietary secrets. Anything else I am missing?
I have a similar problem when I want users to be able to use queries from the Query Library in my apps but not run or see them on the Query Library tab.
Right now users with Use queries in apps can access /querylibrary endpoint where they can see and run queries that could end up with data corruption.
Hi @Mathias, as @bradlymathews mentioned, we currently cannot hide some of the sausage making steps of our organization. However, we can choose which queries we want to share with our users. In addition to the "Use Only" configuration in "Permission Groups" (available on Business plan and above), we can also share specific queries in our "Query Library."
Permissions setting for custom user group:
Here are two queries I created using the same "Resource", and I shared only one with my users:
This is what my users see on their end:
We don't have any updates yet on the Feature Request to hide the QL from those with run permissions, but we will keep you posted on any updates.
I surfaced it as a feature request with the dev team. And will follow up here if it gets included.
