Add runQueries permissions to policies that require it #2551
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Features and Changes
While doing some testing, I came across a few edge cases.
MetricsFullAccess
policy, but not therunQueries
permission, creating metrics was a bit odd - they could technically edit the SQL, but they would not be able to test the queries.MetricsFullAccess
.DatasourceFullAccess
they were also able to technically create a datasource, but they couldn't generate an information schema because that requiresrunQueries
permission.DatasourceConfiguration
policy, they were technically able to update things like the Experiment Assignment Queries, but again they weren't able to test the queries before saving, nor were they able to update/generate the datasource's information schema.ExperimentFullAccess
policy, this also didn't include therunPermissions
policy, so they're not able to update an experiment's results.DimensionsFullAccess
policy, this doesn't allow the user to build/test the query when creating/editing the dimension.SegmentsFullAccess
policy, this doesn't allow the user to build/test the query when creating/editing the segment.To combat this, I've added the
runQueries
permission to the following policies:MetricsFullAccess
,FactTablesFullAccess
,FactMetricsFullAccess
,DatasourceFullAccess
,DatasourceConfiguration
,ExperimentsFullAccess
,DimensionsFullAccess
, andSegmentsFullAccess
.This PR likely reduces the need for #2550, though, it feels like there may still be edge cases that make 2550 valuable.