Add permissions information to Metabase Analytics

[zbodi74]

Is your feature request related to a problem? Please describe. Currently, it is not possible to generate reports in Metabase Analytics that detail which Metabase resources or database tables a group or specific user has access to.

Describe the solution you'd like Expose in application permissions in Metabase Analytics, with collection permissions being joinable with the Content model and data access permissions joinable to Tables.

Ideally we should also expose data lineage, either in the Content view or in a separate view, by showing which tables questions or models refer to.

Describe alternatives you've considered Self-hosting customers could query the application database directly but this would requires a detailed understanding of how permissions are represented.

How important is this feature to you? This is a common audit requirement.

Additional context An actual user request:

Yes, that would be a great feature to have in Metabase. The report should include but not limited to:

Role Group Name users in each role group name timestamp of when each user was added to the role group name what collection each group name can access

[ixipixi]

In another recent request for this, the customer also needs timestamp of when users were added/removed to groups. It doesn't look like we currently track group membership history so, even with app DB access, they couldn't produce this component of their audit requirements.

[paoliniluis]

pretty easy to do actually, should be an easy addition to the metabase analytics collection and just 1-2 hours of work