Skip to main content
Metabase provides a comprehensive permissions system to ensure people only see the data they’re authorized to access. Permissions control both what data groups can view and what actions they can perform.
For information about what data Metabase the company can access, see data privacy and security.

Key principles

Understanding these core concepts is essential for managing permissions effectively:
You assign permissions to groups, then add people to those groups. This makes permission management scalable and maintainable.Exception: User attributes can apply person-specific filters for row and column security.
A person can be a member of multiple groups simultaneously. Their effective permissions will be the most permissive across all groups.
If a user is in three groups, and any one group has Curate access to a collection, that user gets Curate access—even if the other groups have No access.
Everyone belongs to the All Users group by default. Before granting specific permissions, block this group’s access to prevent unintended data exposure.Metabase will warn you if All Users has more permissive access than the group you’re restricting.

Accessing permissions settings

1

Open admin panel

Click the grid icon in the upper right > Admin
2

Navigate to permissions

Click Permissions tab (or use Cmd/Ctrl + K and search “Permissions”)
3

Choose permission type

Select the appropriate tab: Data, Collections, or Application

Permission types

Data permissions

Control access to databases, schemas, and tables.
Data permissions are available on Pro and Enterprise plans with granular controls. Open Source includes basic view permissions.

View data permissions

Determines what data people can see in questions, dashboards, models, and metrics. Permission levels:
LevelDescriptionAvailable at
Can viewFull access to all data in the sourceDatabase, Schema, Table
GranularSet permissions per schema or tableDatabase, Schema
Row and column securityRestrict specific rows/columnsTable only
ImpersonatedUse database roles for permissionsDatabase only
BlockedNo access to the dataDatabase, Schema, Table
Can view grants unrestricted access to all data in the source. Users can:
  • View questions and dashboards using that data
  • See models and metrics built on that data
  • Need additional “Create queries” permission to browse databases
Granular lets you set different permissions for individual schemas or tables within a database or schema.Available only at database and schema levels. When selected, Metabase prompts you to set permissions for each child element.
Row and column security (formerly “sandboxing”) restricts data based on user attributes.Common use cases:
  • Multi-tenant analytics: Each customer sees only their data
  • Regional restrictions: Users see only their region’s data
  • Role-based filtering: Managers see their team’s data only
Requires:
  • User attributes configured for each person
  • Table-level permission configuration
Can implement:
  • Row filtering by column values
  • Column hiding
  • Custom SQL views of tables
Impersonated delegates permissions to your database’s role system.Benefits:
  • Centralize permission management in your database
  • Leverage existing database security policies
  • Simplify permission administration
Metabase uses database roles to determine what each user can access. Only available at the database level.
Blocked prevents all access to the data source.Important behaviors:
  • Users cannot view questions using that data, regardless of collection permissions
  • Blocks all native SQL queries from the entire database (even if only one table is blocked)
  • Other groups with Can view access can override the block

Create queries permissions

Controls whether users can create new questions and use the database browser. Permission levels:
Users can create questions using both:
  • Metabase’s visual query builder
  • Native SQL/NoSQL editor
If any table in a database has “Blocked” or “Row and column security” permissions, native query access is disabled for the entire database. Metabase cannot parse SQL to verify table access.
Users can:
  • Create questions with the visual query builder
  • Drill through existing questions
  • Cannot write native SQL queries
Useful for users who need to explore data without SQL access.
Set different query permissions for individual schemas or tables.Allows fine-grained control over which parts of your database users can query.

Download results permissions

Download permissions are available on Pro and Enterprise plans.
Control whether users can export query results and set row limits. Options:
  • No: Cannot download results
  • Granular: Set per-table or per-schema limits
  • 10 thousand rows: Can download up to 10,000 rows
  • 1 million rows: Can download up to 1 million rows
Native SQL downloads require database-level download permissions. Users with only table-specific download permissions cannot download SQL query results.

Manage table metadata permissions

Available on Pro and Enterprise plans.
Controls who can edit table and field metadata, including:
  • Descriptions
  • Display names
  • Field types
  • Visibility settings
Options:
  • Yes: Can edit all metadata for the data source
  • No: Cannot edit any metadata
  • Granular: Set per-table permissions

Manage database permissions

Available on Pro and Enterprise plans.
Grants access to database connection settings. Users with this permission can:
  • Edit connection options
  • Sync schemas manually
  • Scan field values
  • View database settings page
Only administrators can delete database connections. Manage database permission does not include deletion rights.

Transform permissions

Transform permissions are available on Pro and Enterprise plans with Data Studio.
Controls access to manage and run transforms. Requirements:
  • Can only be set at database level
  • Requires “Can view” and “Query builder and native” permissions for all tables

Collection permissions

Control access to questions, dashboards, models, metrics, and other content.
1

Navigate to collections

Go to Admin > Permissions > Collections
2

Select group

Choose the group to configure
3

Set collection access

For each collection, set the appropriate permission level
Permission levels:
LevelCan viewCan editCan save new itemsCan manage permissions
View
Curate
Manage
No access

Application permissions

Application permissions are available on Pro and Enterprise plans.
Grant access to administrative features without making users full administrators.
Control access to Admin > Settings tab, including:
  • General settings
  • Email configuration
  • Slack integration
  • Webhooks
  • Maps
  • Localization
  • Appearance
  • Public sharing
  • Embedding
  • Caching
Grant access to:
  • Performance tools
  • Query logs
  • Troubleshooting utilities
  • Usage analytics
Control who can create:
  • Dashboard subscriptions
  • Question alerts
Set to “No” to prevent users from creating new subscriptions and alerts.

Row and column security

Row and column security (formerly “data sandboxing”) is available on Pro and Enterprise plans.
Restrict access to specific rows and columns based on user attributes.

How it works

Row and column security creates a filtered version of a table that replaces the original table everywhere in Metabase for specific groups.
1

Set up user attributes

Add attributes to users (e.g., Department: “Sales”, Region: “EMEA”)
2

Configure security policy

Define which column to filter and which user attribute to use
3

Apply to group

The filtered table replaces the original for that group
4

Dynamic filtering

Each user sees rows matching their attribute value

Types of security

Filter rows based on a single column matching a user attribute.Example: Filter Accounts table where Region column equals user’s region attribute.Users with region: "EMEA" see only EMEA rows. Users with region: "Americas" see only Americas rows.
Use a saved SQL question to define a custom view with:
  • Multiple row filters
  • Hidden columns
  • Edited/transformed columns
Example: Create a “Restricted Accounts” question that:
  • Hides the Email column
  • Filters by multiple conditions
  • Shows only specific date ranges

Setting up row and column security

1

Prepare prerequisites

  • Create user attributes for affected users
  • Create a group for the secured users
  • (For column security) Create a SQL question in an admin-only collection
2

Navigate to permissions

Go to Admin > Permissions > Data
3

Select table

Find the table to secure
4

Configure security

For the target group, set View data to “Row and column security”
5

Choose security type

Select either row-level filter or custom SQL question
6

Map attributes

Connect user attributes to filter parameters
Important limitations:
  • Cannot secure SQL query results—use collection permissions
  • Doesn’t apply to public links—consider disabling public sharing
  • Users in multiple sandboxes for the same table get permissions errors
  • Native query access unavailable for groups with row and column security

Multi-tenant analytics tools

Database routing

Build questions once and route queries to different databases based on the user. Use case: Each customer has their own database with identical schemas.

Connection impersonation

Use database roles to manage permissions directly in your database. Use case: You prefer centralized permission management at the database level.

Best practices

1

Start with All Users blocked

Block All Users group from all databases before granting specific permissions
2

Group by role or department

Create groups that mirror your organizational structure
3

Use least privilege

Grant the minimum permissions needed for each group’s responsibilities
4

Document permission strategy

Maintain documentation of your permission structure and reasoning
5

Regular audits

Periodically review and adjust permissions as needs change
6

Test with non-admin accounts

Verify permissions work as intended by testing with regular user accounts

Common permission patterns

Scenario: Executives need view-only access to key dashboardsSetup:
  • Create “Executives” group
  • Grant “Can view” data permissions
  • Grant “View” collection permissions to Executive Dashboards collection
  • Block “Create queries” to prevent ad-hoc analysis
Scenario: Analysts need to explore and create contentSetup:
  • Create “Analysts” group (or use Data Analysts group on Pro/Enterprise)
  • Grant “Can view” data permissions
  • Grant “Query builder and native” create permissions
  • Grant “Curate” collection permissions
  • Grant “1 million rows” download permissions
Scenario: Sales reps see only their region’s dataSetup:
  • Add region user attribute to each rep
  • Create “Sales” group
  • Configure row-level security filtering Sales data by region
  • Grant “Query builder only” create permissions
  • Grant “View” collection permissions to Sales collection
Scenario: Each customer sees only their own dataSetup:
  • Add customer_id user attribute
  • Create per-customer groups or use single group with attributes
  • Configure row and column security filtering by customer_id
  • Grant “View” collection permissions to shared dashboards
  • Block “Create queries” to prevent custom analysis

Troubleshooting permissions

Check:
  1. User’s group memberships
  2. All Users group permissions (might be blocking)
  3. Both data and collection permissions
  4. Whether data permissions are “Blocked” somewhere
  5. Row and column security filters
Check:
  1. All groups the user belongs to
  2. All Users group permissions (most permissive wins)
  3. Whether user is in Administrators group
  4. Collection inheritance from parent collections
Cause: Any table in the database has “Blocked” or “Row and column security” permissions.Solution: Remove row restrictions or use impersonation instead if users need SQL access.
Cause: User is in multiple groups with different row and column security on the same table.Solution: Remove user from all but one group, or set other groups’ permissions to “Blocked” for that table.

Build docs developers (and LLMs) love

Get started for freeTalk to us