Data Privacy Rules

Hi,

I’m trying to use the data privacy rules a certain way but I don’t know if Bubble it’s built for this. Can someone clarify?

  1. I have a table called USER PROFILE used to define what users can do in the application. This table has two fields:
    Profile Name (text)
    Profile Users (List of User)

One of the records says:
Profile Name: Requester
Profile Users: User 1, User 3, User 5

  1. I have another table called REQUEST to keep the requests that users create

I would like to protect the table REQUEST using the Data Privacy tab, in a way that only the Users who have the Requester profile can access its data.

However, I cannot find a way to do that. Any suggestions?

Add a field to the User type to save the User Profie:

User
First Name (text)
Last Name (text)
…etc…
User Profile (User Profile)

Then in Data Privacy for Request data type, you can create this permission: “When Current User’s User Profile’s Name is Requester” > allow access.

And create an opposite permission: “When Current User’s User Profile’s Name is not Requester” > restrict access

So this just means that whenever you add a user to a User Profile’s List of Users field, you should also save the User Profile to that user’s “User Profile” field.

That will do the trick.
I was trying to avoid the double reference but given the way the privacy rules have to be constructed, it seems that it’s unavoidable.

Many thanks!!

1 Like

@romanmg,
Actually, for some reason, the editor does not allow me to see the fields of a referenced thing. Effectively, when trying to build the expression
When Current User’s User Profile**’s Name** is not Requester

after selecting the field Linked Profiles (a list of PROFILEs), I do not get the names of the fields in the thing PROFILE as options; I only get “contains” and “does not contain”, as shown below:

Do you know why this is the case?

Many thanks in advance,

Marry Christmas and Happy New Year!

1 Like