Allow "everyone" access to data explorer query doesn't work

If you select “everyone” as a group that can access a given data explorer query, it doesn’t complain. You can then get the link to access that query on the page that lists the queries, and it is in the form: https://my.forum.domain/g/everyone/reports/43

But if you try to visit that link you just get “something went wrong.”

Trust level 0 does work, so guessing this response also applies here:

2 Likes

why would you want to give everyone access to your database, such a security risk

To me the request is about removing a quirk from the UI. If it is broken don’t show it

5 Likes

what sam said…

in my case, it’s a login required site. i’m designing the query. queries are read only already per the design of the plugin.

so i see it as just a cheap way to expose some data otherwise not readily available in the UI. another approach would be to jam the same query into a dedicated plugin and then install that plugin…

but if i’m missing something here from the security perspective, i’m still listening.

2 Likes

https://github.com/discourse/discourse-data-explorer/pull/59

All good, group everyone does not show up but trust_level_0 can be used to the same effect.

7 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.