You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Schemas and table metadata is synchronized using the main connection credentials. However, with impersonation enabled, query access varies based on the database role assigned by impersonation to the user. Ideally, users should only see the schemas and tables they are entitled to query.
Describe the solution you'd like
Provide a mechanism for admins to control the visibility of database resources (schemas, tables, columns(?)) for specific groups of users with impersonated access, so that this is in alignment with the effective data access of the user.
Describe alternatives you've considered
n/a
How important is this feature to you?
This is important for customers who need strict controls on the visibility of database resources, in addition to implementing row-level security.
The text was updated successfully, but these errors were encountered:
Our ideal solution here is that when using impersonation, the permissions are all pushed down to the database. This would include RLS but also which schemas/tables the role has access to: if the group's role doesn't have select access to a table or view, it wouldn't be visible via the UI and attempting to query it directly would appear the same as if they attempted to query a non-existent object.
Is your feature request related to a problem? Please describe.
Schemas and table metadata is synchronized using the main connection credentials. However, with impersonation enabled, query access varies based on the database role assigned by impersonation to the user. Ideally, users should only see the schemas and tables they are entitled to query.
Describe the solution you'd like
Provide a mechanism for admins to control the visibility of database resources (schemas, tables, columns(?)) for specific groups of users with impersonated access, so that this is in alignment with the effective data access of the user.
Describe alternatives you've considered
n/a
How important is this feature to you?
This is important for customers who need strict controls on the visibility of database resources, in addition to implementing row-level security.
The text was updated successfully, but these errors were encountered: