This article applies to the Admin Console > General > Feature/UI Settings > Allow Creation of Custom SQL Objects setting.
Beginning with v2018.1, administrators have the ability to allow end-users to create reports using custom report-level SQL objects written in the end-user interface.
See Report Wizard: SQL Categories, for info on how end-users will be able to use this feature.
To enable Report-Level SQL, in the Admin Console, set General > Feature/UI Settings > Allow Creation of Custom SQL Objects to True.
This is the first time that we have provided the ability for end-users to write SQL against the database directly. As such, there are some important security concerns to keep in mind before enabling this feature.
Protect your data from unauthorized SQL injection
Before enabling Report-Level SQL please read carefully and consider the following information.
This feature allows report writers to execute arbitrary SQL commands against data sources they can access. By default this is ALL sources except those you have specifically excluded.
Contact your database administrator to ensure that the connection string has READ-ONLY access. Do not enable Report-Level SQL without a restricted connection string for each allowed source.
Furthermore, because Report-Level SQL bypasses the Admin Console data model, Role (row-based) and column tenancy restrictions on data objects have no effect. Therefore, ensure that the connection string also restricts viewing and joining to unauthorized tables and schema.
Exclude unauthorized sources from Report-Level SQL by entering their names, surrounded by quotes (") and separated by commas (,), in the Admin Console field Data Sources to Exclude from Custom SQL Object Creation.
Note: This prohibits creation, but not execution, of Report-Level SQL reports with these sources.
You can deny Roles access to Report-Level SQL by setting the following Role field to False:
( Role | General ) Allow Creation of Custom SQL Objects in Advanced Reports
This prohibits creation and execution of reports with Report-Level SQL. To permit execution, enable the following setting:
( Role | Objects ) Allow User to View Report-Level Custom SQL Objects
Please be cautious with your data.