Hello there,
I am trying to implement some access control with DB Connect.
I want to do something basic like:
- users from role_a can only query db_a
- users from role_b can only query db_b
So I have the meta files below:

default.meta:
[]
access = read : [ admin, role_a, role_b ]

local.meta:
[db_connections/db_a]
access = read : [ role_a ]
[identities/db_a]
access = read : [ role_a ]
[db_connections/db_b]
access = read : [ role_b ]
[identities/db_b]
access = read : [ role_b ]
As a result, when logged in as a user from role_a, as expected, I cannot see db_b connection/identity.
However, I am still able to retrieve data from db_b using dbxquery:
| dbxquery "select ..." connection=db_b
It will still work despite not having read access to db_b connection/identity objects.
Is there an additional metadata entry to limit dbxquery access to specified connections/identities, or does the dbxquery command not take care of object permissions at all?
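
An added example, not part of the original post: a small Python audit that works out, from the two .meta files above, which connections each role should be able to read, so the ACL configuration itself can be ruled out before looking at dbxquery. It assumes Splunk's usual precedence (local.meta over default.meta, object stanza over type stanza over the app-wide `[]`), uses constructed copies of the files, and its function names are hypothetical.

```python
import re

# Constructed copies of the two files from the post.
DEFAULT_META = """
[]
access = read : [ admin, role_a, role_b ]
"""
LOCAL_META = """
[db_connections/db_a]
access = read : [ role_a ]
[identities/db_a]
access = read : [ role_a ]
[db_connections/db_b]
access = read : [ role_b ]
[identities/db_b]
access = read : [ role_b ]
"""

def parse_meta(text):
    """Return {stanza: set of read roles} for every stanza with an access line."""
    acls, stanza = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            stanza = header.group(1).strip()   # "" is the app-wide [] stanza
            continue
        access = re.match(r"access\s*=.*?read\s*:\s*\[([^\]]*)\]", line)
        if access and stanza is not None:
            acls[stanza] = {r.strip() for r in access.group(1).split(",") if r.strip()}
    return acls

def effective_read(obj, default_text=DEFAULT_META, local_text=LOCAL_META):
    """Assumed precedence: local over default, then object > type > app-wide []."""
    merged = {**parse_meta(default_text), **parse_meta(local_text)}
    for stanza in (obj, obj.split("/")[0], ""):
        if stanza in merged:
            return merged[stanza]
    return set()

def audit(role, connections=("db_a", "db_b")):
    """Connections whose connection AND identity objects are both readable by role.
    Role capabilities and role inheritance are not modelled, only the .meta ACLs."""
    return [c for c in connections
            if role in effective_read(f"db_connections/{c}")
            and role in effective_read(f"identities/{c}")]

if __name__ == "__main__":
    for role in ("admin", "role_a", "role_b"):
        print(role, "->", audit(role))
```

If the audit lists only db_a for role_a, as it does for the files above, the metadata matches the intended policy and the remaining question is whether the search command enforces it.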