How to change permissions for /Dashboard/GetDashboardQueryData?
And I found that even end users can type in queries and get it to run. I've only tried SELECT queries, but still it bugs me that people can just dig around in the database on their own. Not only that, a SELECT statement to an entirely different database works too.
I'm not really up to speed with all the permissions, can someone explain to me how you can make them more restrictive?