Make data explorer available to moderators

isn’t it better if this plugin be available for moderators as well?

currently only admins have access to the plugin, and mods get this error when clicking on the plugin: “The data explorer is only available to admins.”

moderators also need to be able to analysis some user behaviors, and direct access to the plugin helps.

4 Likes

This would give them complete read only access to your database. Not recommended in all cases I do not think

For example all they need to do is do

select * from api_keys

With that then they have access to the system & any admin generated API Keys allowing them to perform admin functions.

7 Likes

There is a whole discussion somewhere on meta about admins vs moderators, and how much trust to put in them. The discourse team all have admin privs here on meta, for example, as you can see on the about page. Personally I limit it (just two of us have admin privs) and then the two of us own the hassle of having to run reports and share them with the rest of the team. This is less than ideal - really we just limit the access to avoid having to train everyone on what to stay away from. Not everyone on my team is interested in seeing all the admin features, even if we do trust them with the data.

Can you give an example of the type of analysis moderators need to be allowed to do?

I’ve often wished for the ability to create a query, and then make just that query available to moderators. Or the ability to have the results of a query sent to me (or another discourse user) on a schedule, along the lines of the user export which is niftily delivered by PM.

6 Likes

I don’t know the ETA but AFAIK there are plans to expose Admin vetted queries to Moderators via the dashboard.

I am a moderator at SitePoint, not an admin, so I don’t have access to Data Explorer there. I do have access to Data Explorer on my localhost installs so I have some experience with what it is able to do.

Although the plugin has safety built in as far as protecting the database, it is very powerful in terms of what data it can provide. Some of which should, IMHO, not be available to any other than an admin. (eg. both personal and private information).

On the other hand, there have been a few times I have petitioned our admin to run a query for me and reply back with the results and he has gracefully obliged.

6 Likes

The new dashboard is currently planned for this release (Discourse Version 2.0). Of course that is always subject to change.

What I cannot confirm is if exposing Data Explorer queries is planned for the first release of the new dashboard, or if it will wait until a later improvement pass.

3 Likes

for data analysis, we have a colleague who needs to have access to the user data. he is currently playing with the data to see if he can extract patterns for “topic-user” and “user-user” interactions.

we can user “localhost” or “admin access” in this case as mentioned above, but I was wondering what will happen if moderators have access to the plugin as well. since they already have access to users information in the user section of admin panel.

The plan is for some queries to be marked safe as runnable by staff, but not to expose all of data explorer proper.

7 Likes

Any chance we can mark queries that we make to be exposed to moderators? I’ve been working on a few things on SP that I wouldn’t mind exposing the data of, as it is meant for their eyes, right now I export/copy it to a topic, which requires manual effort.

4 Likes

Yes, that is the plan!

3 Likes

What is the current status of having this feature enabled? I found this thread after discovering only admins could run the queries. Having access to a few admin vetted queries would be fantastic for some of the work we are doing on our forum.

Thanks.

1 Like

There is a bigger piece that I think I would prefer to build here. It is in my wish list, but not slotted.

I would like you to be allowed to “expose” running a query to an arbitrary group. It would keep authoring as an admin only thing, I never want to change that. But running… it can be any group.

This unlocks all sorts of stuff like the ability to add custom reports to our mod dashboard, something @joffreyjaffeux has been interested in for a while.

If anyone from the community is interested in this kind of project please post some screenshots of mockups of how the UX would work, how would you “grant run permission” for a particular report to a group. Where would you see this? And so on…

9 Likes

I would love to take a stab at this feature. I put together a couple screenshots of my mockup.

The first screenshot is the edit view for a report. Admin can add groups to have access to download the results of the report.

The biggest question to me is how to present the reports to the users within a group. My initial thought was to only show the JSON and CSV buttons to non-admin users, which would run the report if it has not already been run, but would prevent a non-admin from running a query over and over.

@sam Let me know what you think about this direction. (I can only post 1 image per post so I will post the other image in a following post)

7 Likes

Here is the other screenshot. This tab would of course only be available to members of the group. -

5 Likes

I think you want to let the group members be able to have access to the Run button.

Here’s why: if you can’t trust the users not to try to disable the site re-running the query then you shouldn’t add them to the group. Most of the time data explorer queries are useful in the UX, not to download and then look at in some other tool. Also, the display does Nice Things (like display user_id and topic_id in useful ways that are difficult to replicate if you download the data.

2 Likes

That makes sense. The run functionality would simply mirror what admins see when they press run, with the results being display below.

Would it be helpful to display the last run time to the group as well?

5 Likes

I really like that you found a natural place for this in groups, I think though that we should have a dedicated tab on the groups page cause I don’t think this fits into activity.

Maybe between “Messages” and “Manage”: if you have 1 or more reports you can (and you are an explicit member of the group) tab shows up.

That also gives you a bit more width to work with.

People with access to a report should be allowed to “add params” if it is a paramaterized report and run it with the same controls we have on admin. On the fence about if they should see the SQL so I guess no for now.

Regarding where to place the permissions: I would prefer if it is less obtrusive on the admin page, I guess we can start there but with less text.

I say, feel free to get started if this feedback all makes sense!

8 Likes

Thanks for such good feedback. That all makes sense to me, and I will start on it.

6 Likes

@sam ,
Default queries (already present when the plugin is installed) are not editable.

In my screenshots, the ability to expose a query to a group is accessed through editing the query. Should default queries be exposable to groups as well?

If so, I am thinking the design might need to change a bit to accommodate both types of queries.

4 Likes

Yeah I think metadata about the query such as, when it last ran, who has permission to run it etc should be in a dedicated table. You should be allowed to set permission for built-in queries as well. (they have stable ids)

5 Likes

I would like to share what I have done, and get some feedback.

Here are screenshots working from the queries admin index, adding a group, and then viewing the query from the non-admin side.

Link to PR





13 Likes