diff --git a/frontend/src/metabase/admin/permissions/components/PermissionsGrid.jsx b/frontend/src/metabase/admin/permissions/components/PermissionsGrid.jsx
index 8ed4b73b58ed5496137df9b27acc1142c0ba9cde..c03c4f3200456b943221d7abe96e0b676ec62aa8 100644
--- a/frontend/src/metabase/admin/permissions/components/PermissionsGrid.jsx
+++ b/frontend/src/metabase/admin/permissions/components/PermissionsGrid.jsx
@@ -161,6 +161,7 @@ class GroupPermissionCell extends Component {
const value = permission.getter(group.id, entity.id);
const options = permission.options(group.id, entity.id);
+ const warning = permission.warning && permission.warning(group.id, entity.id);
let isEditable = this.props.isEditable && options.filter(option => option !== value).length > 0;
@@ -173,7 +174,7 @@ class GroupPermissionCell extends Component {
<Tooltip tooltip={getOptionUi(value).tooltip}>
<div
className={cx(
- 'flex-full flex layout-centered',
+ 'flex-full flex layout-centered relative',
{ 'cursor-pointer' : isEditable }
)}
style={{
@@ -198,6 +199,13 @@ class GroupPermissionCell extends Component {
/>
</Modal>
}
+ { warning &&
+ <div className="absolute top right p1">
+ <Tooltip tooltip={warning} maxWidth="24em">
+ <Icon name="warning2" className="text-slate" />
+ </Tooltip>
+ </div>
+ }
</div>
</Tooltip>
}
diff --git a/frontend/src/metabase/admin/permissions/selectors.js b/frontend/src/metabase/admin/permissions/selectors.js
index 3cef8dbee16f667710f4525f32fc1b1413fdcb68..aad2c198393df957b2ded4a0a1892a5f6f4161b6 100644
--- a/frontend/src/metabase/admin/permissions/selectors.js
+++ b/frontend/src/metabase/admin/permissions/selectors.js
@@ -76,6 +76,12 @@ export const getIsDirty = createSelector(
export const getSaveError = (state) => state.permissions.saveError;
+const DEFAULT_PERMISSIONS_WARNING = "The All Users group has a higher level of access than this, which is overriding this setting. You should limit or revoke the All Users group's access to this item."
+
+function hasGreaterPermissions(a, b, levels = ["all", "controlled", "none"]) {
+ return (levels.indexOf(a) - levels.indexOf(b)) > 0
+}
+
export const getTablesPermissionsGrid = createSelector(
getMetadata, getGroups, getPermissions, getDatabaseId, getSchemaName,
(metadata: Metadata, groups: Array<Group>, permissions: GroupsPermissions, databaseId: DatabaseId, schemaName: SchemaName) => {
@@ -86,6 +92,7 @@ export const getTablesPermissionsGrid = createSelector(
}
const tables = database.tablesInSchema(schemaName || null);
+ const defaultGroupId = _.find(groups, isDefaultGroup).id;
return {
type: "table",
@@ -116,6 +123,11 @@ export const getTablesPermissionsGrid = createSelector(
title: "Changing this database to limited access"
};
}
+ },
+ warning(groupId, entityId) {
+ if (hasGreaterPermissions(getTablesPermission(permissions, groupId, entityId), getTablesPermission(permissions, defaultGroupId, entityId))) {
+ return DEFAULT_PERMISSIONS_WARNING;
+ }
}
}
},
@@ -142,6 +154,7 @@ export const getSchemasPermissionsGrid = createSelector(
}
const schemaNames = database.schemaNames();
+ const defaultGroupId = _.find(groups, isDefaultGroup).id;
return {
type: "schema",
@@ -173,6 +186,11 @@ export const getSchemasPermissionsGrid = createSelector(
title: "Changing this database to limited access"
};
}
+ },
+ warning(groupId, entityId) {
+ if (hasGreaterPermissions(getTablesPermission(permissions, groupId, entityId), getTablesPermission(permissions, defaultGroupId, entityId))) {
+ return DEFAULT_PERMISSIONS_WARNING;
+ }
}
}
},
@@ -196,6 +214,7 @@ export const getDatabasesPermissionsGrid = createSelector(
}
const databases = metadata.databases();
+ const defaultGroupId = _.find(groups, isDefaultGroup).id;
return {
type: "database",
@@ -225,6 +244,11 @@ export const getDatabasesPermissionsGrid = createSelector(
}
}
},
+ warning(groupId, entityId) {
+ if (hasGreaterPermissions(getSchemasPermission(permissions, groupId, entityId), getSchemasPermission(permissions, defaultGroupId, entityId))) {
+ return DEFAULT_PERMISSIONS_WARNING;
+ }
+ }
},
"native": {
options(groupId, entityId) {
@@ -251,6 +275,11 @@ export const getDatabasesPermissionsGrid = createSelector(
message: "This will also change this group's data access to Unrestricted for this database."
};
}
+ },
+ warning(groupId, entityId) {
+ if (hasGreaterPermissions(getNativePermission(permissions, groupId, entityId), getNativePermission(permissions, defaultGroupId, entityId), ["write", "read", "none"])) {
+ return DEFAULT_PERMISSIONS_WARNING;
+ }
}
},
},