Balance between security and optimal performance

Hi there,

I am working on an app and I designed the data model based on the principles of the Ultimate Performance Guide. So for example I have:


Now I want to link Projects (List/Data) to users in a specific type/role. Project Creator, Project Participant.

So I create a datatype: ProjectUser with properties Project, User, Type (Creator/Participant)

So I want to to only make projects available to the user when the user is linked to a Project. Based on the fact if it is a creator or a participant I want to add more fine grained security. I am now having trouble to setup the correct privacy rules for this.

I ended up to add a (list of) user(s) on the ProjectList datataype for both types:
Creator (reference: user)
Participants (reference: users - list)

Now I can create a privacy rule:
This projectlist.creator = Current User
or This projectlist.participants contains current user.

The thing is that from a performance perspective it is not advised to use list fields on datatypes. Security is more important than performance, but I like to know it there are other ways to manage both security and performance to an optimum of both.

List is not advised to use where you can have more than 10-20 items in the list.

Ankur@ Nocodetalks
Looking for a Bubble Coach? Check out here

Thanks. In that case my question is how to correctly setup the privacy rules using the linked table ProjectUser instead? Is it even possible to do so?

I just noticed a similar question raised here

I also thought to add some additional project data to the projectuser datatype, but then the data of the referenced product is still not secured by privacy rules. Besides that I believe going to the product from the projectuser datatype is acting as a lookup which can be secured by privacy rules.

Storing list in data types is not great for perfomance only if list will contain more than 30 items, especially if User data type will contain a lot of other data.

Everything will be fine if you make sure that User datatype remains relatively small( without lists in it and dozens of text fields with b64 encoded)

Every sollution is a tradeoff, you need to pick what is important for you.

I’m curious where folks are getting the 10, 20, and 30 numbers from for the “max” size of a list when it comes to performance. Bubble’s documentation says it’s 100 items, and I have always used that number as kind of a tipping point when deciding whether or not to use a list field.

In practice, if you’re creating this kind of relationship and expect one thing to have a list of more than 100 values of another thing, we recommend going with Option 3 .

1 Like

A 100 would be sufficient and would imply that I can use sublist to define my privacy rules.

1 Like