Avoid SQL injection when tampering with the queries

Hi everyone.
I am looking around the posted topics to see if I am able to avoid letting the user run a specific query against the database (I’m using Postgres btw).

In the ideal use case, the database contains the data of all the users.
Each user has its own dashboard that runs queries to view specific data about domains the user is interested in.
However, since it’s highly sensitive data, I do not want the user to be able to tamper with the queries and retrieve other users’ data.
In fact, by using the inspect tool and looking at the browser queries, I can see the “rawSql” parameter that contains the full query that is done for each request.
By using Postman and the same session id I suppose it is simple to create a custom request and launch any query I want against the database.

I have read the following topics:

I am aware that setting a dedicated user in postgres solves the issue about SQLi.
But I would also like to be able to limit the user to view only its data.
Remember that each table in the db contains ALL the data about any user in the system.

One possible solution that I thought about is using a dedicated db user for each grafana user, then create views for all the tables that contain only the data about that specific user in the db.
Moreover, I would then set the db permissions for the user and let him only use SELECT just in the views I just created.

Would it be feasible?
Do you have any suggestion about other possible solutions?
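
A sketch of the role and view layout proposed in the post above, as an added example that is not part of the original thread. The table `domain_stats`, its `owner` column, the schema `dash` and all role names are hypothetical, and it uses a single view filtered on `current_user` instead of one view per user, which applies the same restriction with fewer objects to maintain.

```sql
-- Hypothetical shared table: every user's rows live together.
CREATE TABLE domain_stats (
    id     bigserial PRIMARY KEY,
    owner  name   NOT NULL,   -- database role the row belongs to
    domain text   NOT NULL,
    hits   bigint NOT NULL
);

-- Constructed sample rows for two users.
INSERT INTO domain_stats (owner, domain, hits) VALUES
    ('grafana_alice', 'alice.example', 120),
    ('grafana_bob',   'bob.example',    45);

-- One group role carries the privileges; each dashboard user gets a login role.
CREATE ROLE dashboard_readers NOLOGIN;
CREATE ROLE grafana_alice LOGIN IN ROLE dashboard_readers;  -- set passwords separately
CREATE ROLE grafana_bob   LOGIN IN ROLE dashboard_readers;

-- The base table stays unreachable for these roles: nothing is granted on it.
REVOKE ALL ON domain_stats FROM PUBLIC;

-- The view runs with its owner's rights on the base table, so readers need
-- no privilege on domain_stats. current_user is the role running the query.
-- security_barrier applies the owner filter before any function the caller
-- puts in a WHERE clause, so such a function cannot see other users' rows.
CREATE SCHEMA dash;
CREATE VIEW dash.my_domain_stats WITH (security_barrier) AS
    SELECT id, domain, hits
    FROM domain_stats
    WHERE owner = current_user;

-- SELECT only, and only on the view.
GRANT USAGE  ON SCHEMA dash          TO dashboard_readers;
GRANT SELECT ON dash.my_domain_stats TO dashboard_readers;

-- Verify as one of the login roles: read the view, then try the base table.
SET ROLE grafana_alice;
SELECT domain, hits FROM dash.my_domain_stats;
SELECT * FROM domain_stats;
RESET ROLE;
```

With this layout the restriction is enforced by the database itself, so a hand-edited `rawSql` value sent with a valid session is still limited to what the connecting role may read.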

I think this issue goes way beyond Grafana. You need to talk to your DBA for the best approach.

If users can create custom queries, what prevents them from running delete database public.company?

There are tons of approaches you can use, but it is best to talk to your DBA if you have one.

But that said, we never ever allow users to run any queries on our databases. If we do, it is read-only and using stored procedures exclusively on an adjacent database that queries the real db, and they always have to pass in their user name, or default it to the currently logged-in user if they try to be cute.

@yosiasz thank you for your reply and for the suggestions.
I do not have a database administrator if that’s what you’re asking, but I will try to find some help regarding this.

By the way, are you able to confirm if the issue written in my question is actually still an issue in the latest version of Grafana (I’m using the 10.0.3 version, installed from apt)?
I mean, are end users able to run any query they want as indicated in the posts I linked in the question above?

What do you mean confirm if it is still an issue?

I think you personally need to fully vet that issue out yourself. Don't take security matters from hearsay.