Best practices for restricting certain user types to only specific pages

Hi everyone,

We have a custom CRM that we built on bubble, where as of now all employees generally can access all pages.

I want to create some pages that are for partner portal users only which are external contractors or partners of ours. These external users should only be allowed to view these few pages, with all others being restricted.

The way I thought of doing this would be creating a field under the User table such as Type, which is Employee or Partner. I could then go through all our internal pages and do a “when page is loaded” workflow that says if the current user Type is Partner, navigate them away to the partner home page or to a page saying access denied, etc. I’ve done it like this in the past and it works fine.

Then for security, I can set up privacy on the table that says if current users Type is Partner, only give access to certain fields, etc.

Just wanted to check if that’s generally the best way to handle security in Bubble or if there’s something else I should be doing.

How did you resolve this? I’m curious.

@lmoreau
@buckman

Sounds like you could use Bubble’s privacy rules . This is a great video on the subject from the folks at AirDev @kevin12 @stephanie > https://vimeo.com/427122970

Hope this helps! :slight_smile:

1 Like

Thank you!

1 Like

Thanks for the video. I am doing what it says…so that was encouraging…but I’m still struggling to find a way to stop a page from loading when a user is not logged in. It loads and then redirects off of it no matter what different rules I’ve attempted to use thus far. This seems so simple, I’m sure I’m missing an obvious instruction somewhere…but when a person tries to access a page without being logged in, I just simply don’t want them to see anything…but instead be directed to login.

Any help you can offer would be greatly appreciated!!
Thanks again.
Buck

HI @buckman!

No problem. As someone mentioned in a prior post the way to do that is to hide content groups based on user conditions.

If you build pages using one or few “structural/base” groups to hold all groups including those that display content (and for responsiveness), then you can hide these groups using a flow when the page loads based on user conditions or roles in the user “thing”.