Looker will not be updating this content, nor guarantees that everything is up-to-date.
Organizations often want to grant users access to run their own ad-hoc queries with Looker's SQL Runner tool, but sometimes with more limited access. Perhaps a user should only be able to query one specific connection in SQL Runner, or only have access to a few connections. With a combination of Looker roles and database-level permissions, you can make user SQL Runner access as specific as needed.
In this example, we are creating a user with limited SQL Runner permissions to restrict them to one specific connection.
Note: This approach will not be applicable for users that have an admin role, or users that otherwise have been granted the manage_models
permission.
limited_connection
model set, navigate to the new model set page in the Admin panel: From the Admin drop-down menu, select Admin > Roles > New Model Set (or navigate to the page by appending /admin/model_sets/new
to your instance URL):sql_runner
permission set: From the Admin drop-down menu, select Admin > Roles > New Permission Set (or navigate to the page by appending/admin/permission_sets/new
to your instance URL):limited_model_x_sql_runner
role: From the Admin drop-down menu, select Admin > Roles > New Role (or navigate to the page by appending/admin/roles/new
to your instance URL):
Now this user is able to explore the full connection:
But, can only query the limited-connection
in SQL Runner: