Learned that an ad-hoc Jaspersoft user can, through "Topics," select data sources and supply SQL queries.
Has anyone run into performance issues from users supplying ill-formed SQL code? Is there any way to turn off this query capability, limiting it to only administrative/support staff?
Typically, if SQL is needed, we have developers do this in Test or Dev environment, not production. Then, when DBA approves code, we push to production.
If we grant users ad-hoc capabilities in production, then they also get this query capability through "Topics." Haven't yet found a way to turn this off. The saving part of this is that it's not that easy to get to this feature, and once there, it's not intuitive, especially for anyone not familiar with SQL. And, there don't appear to be any visual aids - no listing of tables and attributes available from the data source. Appears that one would need/want to do their SQL development in something like SQLDeveloper, then copy/paste into this Topics\Query feature.
So, guessing that even though it's available and could be abused, it's probably rarely found, infrequently used when found, and those that are successful in running a query from here are probably skilled in SQL - that real risk is low-to-zero.
From anyone with experience in this area, is the risk real or only perceived? And, any way to turn this feature off? If yes, can we turn it off for most users, while keeping it on for a select few developer types?