Hello there,

I am trying to implement some access control with DB Connect.

I want to do something basic like:

- users from role_a can only query db_a
- users from role_b can only query db_b

So I have meta files below:

default.meta:

[]
access = read [ admin , role_a, role_b ]

local.meta:

[db_connections/db_a]
access = read [ role_a ]

[identities/db_a]
access = read [ role_a ]

[db_connections/db_b]
access = read [ role_b ]

[identities/db_b]
access = read [ role_b ]

As a result, when logged in as a user from role_a, as expected, I cannot see db_b connection/identity.

However, I am still able to retrieve data from db_b using dbxquery:

| dbxquery "select ..." connection=db_b

It will still work despite not having read access to db_b connection/identity objects.

Is there an additional metadata entry to limit dbxquery access to specified connections/identities, or dbxquery command does not take care of object permissions at all?