Access Control - Multiple organization, multiple user level

Hi All,

Im trying to understand how access control works here. I do understand the access control is based on user/id/password.

What im trying to get some idea is cascading access control via several role/organization?

Not expecting a full solution, a sprak of idea would do the trick.

Example -

I have an application and all new created account will have designated organization access (Admin role). under that they might have several user with limited features.

How do save and provide access control to that idea?


@mstrmorgana I was just about to post and ask the same thing. So if anyone could help that would be great, many thanks

There are a ton of ways to accomplish this, which is good. But, there are a ton of ways to do this, which also makes it tough to explain!

I have done it two ways, myself. First, I add yes/no fields on the user to represent user roles. Something like “isAdmin” or “isTeacher.” Then, they get certain options available to them based on role.

The other thing I’ve done is to create fields on the organizations that I can add users to. For example, if I have a School, I can have a field called Teachers (that is a list of users) that I can add or remove users to.

Is this what you’re asking for?

1 Like

hi andrew, something in that domain.

i was thinking this should be controlled even during the signup phase where organization -> role. and i know each page can be control by user access in the workflow. i guess my asking was more on “best practice” on bubble.

and my worry is, developing module by module, i mean the data flow.

1 Like

Nobody wanted to share any inside on this?

This is a useful approach. An equivalent is adding a list of roles to the user.

There can be roles to limit access of new functionality to beta test users.

An extension is to assign departments to users, which could reuse the same roles function, and limits access to particular rows of data (search criteria checking role/department), and column access (privacy roles).

IMO its still worth keeping “isAdmin” separate from the roles, for presetting access to the role assignment page.

Well, I’m aware there are several ways of doing this, but here’s how I do it: When someone signs up, it is the main Admin of a specific organization. Then there are already two things, the new user and the new organization that is created alongside the new user. The organization has a list of users, and each user also has a field that says “belongs to” that points the organization he belongs to. That’s what links them

On the roles part, I currently have only two roles and I use the same approach as Andrew, users have a field isAdmin and isObserver, and the app’s privacy rules and elements are set to only show and send data according to these fields.

Hope this helps, if you want to ask anything else feel free to.

1 Like

Hi folks. How do people do user invite and signup when the user needs to be created with the organization identified immediately. I don’t want users to be able to choose their organisation. I want the organisation admin to send users a signup link or code. This should work like the example of a invite referral code right? What are best practices for this to ensure the users only get attached to the organization they should be a member of?

Send a link with a parameter at the end such as
where 1234x5678 is the unique id of the organization.

Then create a workflow on the page that when the page is loaded, when get data from url, param: join, dropdown: organization (data type), then add the user to the org (or however you deal with that)

1 Like

Great. thanks Devin. That’s roughly what I was planning to do.

1 Like