First of all, i would like to thank you for your respected free template, which saved me hours of hard working.
As far as I understand from your respected detailed documentation and videos at youtube and Vimeo, you are using option sets to define user permissions, However, as per an interview between Emanuel and a french engineer from @ZeroqodeTeam about the security measurements, they stated that the option sets could be exposed easily, i really would like to substitute the option sets with a table in database. Thus will allow me also to define further permissions based on different roles. In different tables for more secure data.
I couldn’t find explanation on how to do that.
Kindly assist on that matter, if you can.
The question is also addressed to my fellow colleagues on the forum.
Really appreciate your kind replies.
Hi there, @arch.hany… I won’t comment on the security-related aspects of option sets vs. data types, but I know lots of folks (myself included) have used an option set to define the roles associated with user permissions in their apps. That being said, there is certainly nothing wrong with switching to a custom data type, and it should be as “simple” as creating a new data type with the fields you need, manually adding data to the data type on the App data tab, and going through the app and replacing all references to the option set with references to the new data type (for example, instead of getting the options, you would do a search for the data type’s things).
It is updating all of the references that will be the trickiest part, of course, and you can use the app search tool (i.e., the magnifying glass in the upper-righthand corner of the editor) to help you find those references.
Hope this helps.
If your kind advice is no problem with using option sets to define roles, then i wouldn’t change that, i could actually make it work for me by adding specific permissions for each role using attributes.
Am i correct?
You would likely want to define the permissions via privacy rules on your data types. For example, if your
User data type has a field that defines a user’s role (with that field being linked to the option set), you could add a privacy rule on a particular data type that says when a user’s
role field is set to a specific option, the user can view/edit the data in that data type. Make sense?
The above being said, I’m guessing the template already has all of the permissions-related functionality in place, doesn’t it?
Thank you first of all,
I have little complected structure for roles and subsequent permission
I have my company (who manage the app) with different internal permissions.
I have system admin for each sass account
Different teams construction, consultant , owner, subcontractors under each sass account
Each team has different permissions for inspection (4 level of permissions), inventory (4 different permissions), cost ( other 5 permissions)etc.
I was thinking to use the airdev template and utilize their system using attributes.
I then will use the privacy rules to restrict mixing each sass account data.
I hop it is clear.
Again thank you
You can create additional attributes on the option set to help you further define/refine your user permissions, if that’s what you’re asking.
Honestly appreciate your feedback and reply. Yes thats my question
Complementing @mikeloc ’ great advice I would like to share these resources which may help you structure your user permissions and page redirection logic in a Canvas templated Bubble app:
Hope this helps!
Appreciate your kind reply. In fact i saw it and even downloaded. My role and permission structure is bit complicated. Multiple roles with multiple permission each permission has different restrictions. And as i am lucky person my app is all based on that roles to function properly.
Honestly thank you for your kind efforts .
This topic was automatically closed after 70 days. New replies are no longer allowed.