We are using Play SQL Base to embed simple SQL query results in Confluence pages. The database contains sensitive information, so we do not want all Confluence users to have SQL query permissions.
The space administrator has defined a datasource and written a query in a Table.
Now I log out, and log back in as an unprivileged user, who is not the space administrator.
The 'Tables' menu item for the space is visible.
Under 'Queries', if I click 'Create new...', I get an error: "User ... must have CRUD permission for the space '...'". This is good.
Under 'Queries', if I click the existing query, I can edit it! This is bad. An unprivileged user can rewrite the SQL to anything they want.
I suggest that editing existing queries needs to be protected with the CRUD permission, just like new queries.