SQL-Tile You do not have permission to author or modify sensitive queries

I have one user (User 1) who created a Dashboard using the SQL tile. It queries the Data Warehouse. He can see the output from this, as can I (SCOM Admin).

The Dashboard is in a team folder.

My other user (User 2) can open the dashboard and see the SQL query in the Tile configuration, but it will not display the output. Instead it says: “You do not have permission to author or modify sensitive queries”

User 2 is an owner of the Team folder that the Dashboard is in. He is also a SCOM Admin.

Where would the permissions lie for this??

SquaredUp v4

Hi Oliver,

SCOM Admins should have the ability to create and modify queries in the SQL tile. As you have mentioned User 2 is a SCOM admin, they should have the ability to modify and execute the query. I would suggest raising a ticket with support about this.

There are instructions that I will add below which include the configuration changes to make it possible to delegate permissions for constructing queries (for non-SCOM admins) in Team folders.

'It is possible to delegate permissions for constructing queries. Doing so requires modifying a configuration file on disk. Modifying this file by adding the user or group to “author” will give the user/group QueryAuthoring permissions in the team folder and they will receive rights to create and edit queries (which by default is only administrators)

Disclaimer:

This feature should be used with extreme caution. The result is that the user or group can write, edit and execute any query - against SQL databases, web APIs etc. - possibly resulting in sensitive information disclosure or even data loss (depending on what rights the application pool identity has)

To change or add to the users in this list:
  1. Log on to the Squared Up server directly, or via RDP
  2. Navigate to the Squared Up website files on disk (e.g. typically C:\inetpub\wwwroot\squaredupv4)
  3. Navigate to User\Packages\QueryAuthoring\User
  4. Open access-control.json in notepad
The file should look similar to the following:
<code>{ "view": [], "author": [], "owner": [] }</code>
  5. Amend the file to include the username or group. Note that \ separators should be entered as \\ instead
<code>{ "view": [], "author": [ "mydomain\\myuser" ], "owner": [] }</code>
  6. Now re-save the file to the same location.
  7. To see the change take effect in Squared Up either recycle the IIS application pool, or select 'reload' from ☰ > system > Dashboards > Reload all content

The users listed as author in the file will now have permissions to create and edit queries.'

Let me know if this change helps

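The file edit described in the answer above can be scripted so that the JSON is validated, the existing author list is reviewed, and a backup is kept before anything is written. This is an added PowerShell example, not part of the original post and not SquaredUp's own tooling; the function name `Add-QueryAuthor` is hypothetical, the default path is the "typical" location quoted in the post, and the account name is the post's placeholder.

```powershell
# Added example (not SquaredUp code). Add-QueryAuthor is a hypothetical helper name.
# The default path combines the typical install folder and sub-path quoted in the post.
function Add-QueryAuthor {
    param(
        [Parameter(Mandatory)] [string] $Principal,   # e.g. 'mydomain\myuser' (single backslash)
        [string] $Path = 'C:\inetpub\wwwroot\squaredupv4\User\Packages\QueryAuthoring\User\access-control.json'
    )

    # Parse first: a malformed file stops the script before anything is written.
    $acl = Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json

    foreach ($key in 'view', 'author', 'owner') {
        if ($acl.PSObject.Properties.Name -notcontains $key) {
            throw "Unexpected file layout: missing '$key' in $Path"
        }
    }

    # Show who already holds query-authoring rights so the change is reviewed in context.
    Write-Host "Current authors: $(@($acl.author) -join ', ')"

    if (@($acl.author) -contains $Principal) {   # -contains is case-insensitive
        Write-Host "$Principal is already listed; nothing to do."
        return
    }

    # Keep a timestamped copy so the delegation can be reverted.
    Copy-Item -LiteralPath $Path -Destination "$Path.$(Get-Date -Format yyyyMMddHHmmss).bak"

    $acl.author = @($acl.author) + $Principal

    # ConvertTo-Json emits the backslash as \\, the escaping the instructions call for.
    $json = $acl | ConvertTo-Json -Depth 5

    # Write UTF-8 without a BOM (assumption: the original file has none).
    [System.IO.File]::WriteAllText($Path, $json, (New-Object System.Text.UTF8Encoding($false)))

    Write-Host "Added $Principal. Recycle the IIS application pool or reload all content to apply."
}

# Usage (placeholder account from the post):
# Add-QueryAuthor -Principal 'mydomain\myuser'
```

Run it from an elevated session on the Squared Up server; the script does not recycle the application pool itself.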