Hello there, I am trying to implement some access control with DB Connect. I want to do something basic like: - users from role_a can only query db_a - users from role_b can only query db_b So I have meta files below: default.meta: []
access = read [ admin , role_a, role_b ] local.meta: [db_connections/db_a]
access = read [ role_a ]
[identities/db_a]
access = read [ role_a ]
[db_connections/db_b]
access = read [ role_b ]
[identities/db_b]
access = read [ role_b ] As a result, when logged in as a user from role_a, as expected, I cannot see db_b connection/identity. However, I am still able to retrieve data from db_b using dbxquery: | dbxquery "select ..." connection=db_b It will still work despite not having read access to db_b connection/identity objects. Is there an additional metadata entry to limit dbxquery access to specified connections/identities, or dbxquery command does not take care of object permissions at all?
... View more