At report user can delete from database


So my users can creates reports, and one of them created an sql based report, which sql’s script deletes from my database, and it ran, and deleted few of my records.

Here is an example photo where my user wrote that delete script:

I think this is really not good if users can update and delete from script.
Any solution for that?



We see only one way to solve this problem: to provide a separate JDBC data source for running reports. This data source can be configured for a database user with read-only rights, so there will be no way to modify data via reports of any kind. Additionally, such data source could point to a replicated standby database, which would be good for performance as reports would not load the main operational database.

We have a related issue:

Currently there is no way to prevent data modification if a user has access to creating reports.