First of all, i would like to thank you for your respected free template, which saved me hours of hard working.
As far as I understand from your respected detailed documentation and videos at youtube and Vimeo, you are using option sets to define user permissions, However, as per an interview between Emanuel and a french engineer from @ZeroqodeTeam about the security measurements, they stated that the option sets could be exposed easily, i really would like to substitute the option sets with a table in database. Thus will allow me also to define further permissions based on different roles. In different tables for more secure data.
I couldn’t find explanation on how to do that.
Kindly assist on that matter, if you can.
The question is also addressed to my fellow colleagues on the forum.
Hi there, @arch.hany… I won’t comment on the security-related aspects of option sets vs. data types, but I know lots of folks (myself included) have used an option set to define the roles associated with user permissions in their apps. That being said, there is certainly nothing wrong with switching to a custom data type, and it should be as “simple” as creating a new data type with the fields you need, manually adding data to the data type on the App data tab, and going through the app and replacing all references to the option set with references to the new data type (for example, instead of getting the options, you would do a search for the data type’s things).
It is updating all of the references that will be the trickiest part, of course, and you can use the app search tool (i.e., the magnifying glass in the upper-righthand corner of the editor) to help you find those references.
If your kind advice is no problem with using option sets to define roles, then i wouldn’t change that, i could actually make it work for me by adding specific permissions for each role using attributes.
Am i correct?
You would likely want to define the permissions via privacy rules on your data types. For example, if your User data type has a field that defines a user’s role (with that field being linked to the option set), you could add a privacy rule on a particular data type that says when a user’s role field is set to a specific option, the user can view/edit the data in that data type. Make sense?
The above being said, I’m guessing the template already has all of the permissions-related functionality in place, doesn’t it?
Complementing @mikeloc ’ great advice I would like to share these resources which may help you structure your user permissions and page redirection logic in a Canvas templated Bubble app:
Appreciate your kind reply. In fact i saw it and even downloaded. My role and permission structure is bit complicated. Multiple roles with multiple permission each permission has different restrictions. And as i am lucky person my app is all based on that roles to function properly.
my app is all based on that roles to function properly.