Database Security Roles

Can someone explain to me what the privacy roles do? Can my database be accessed by something other than the workflows I have built into the system? Is my data not really safe unless I use this feature somehow?

Thanks in advance.

Yes – security roles are important, please use them! :smiley:

When you add a search on a Bubble page, we do the search from the user’s web browser… it sends a message to the server saying “Hey, get me all users that are …” Security roles are the tool we use to know what data the current user is allowed to ask for. This is important because someone trying to abuse your site could send a message asking for data that they shouldn’t be allowed to see; security roles are what lets us say, “hey! not legitimate! you don’t get to see that!”

As well as protecting against deliberately malicious users, they’re useful in protecting yourself from accidental data leaks. It’s very easy to accidentally design a search that returns more than it’s supposed to return – when you’re doing a lot of work on a Bubble app, mistakes happen! With good security roles in place, you don’t have to go through every one of your searches and add a constraint, “only return users who the current user is allowed to see”… you just set up the appropriate privacy roles, and Bubble will automatically tack that condition on to each one of your searches behind the scenes without you having to manually do it on every single search. So it saves a lot of work, and makes it harder to make mistakes.

In terms of users modifying data, security rules aren’t quite as important, because workflows that actually change data run on our servers, not in the user’s web browser, so it’s harder for a bad user to send a message telling us to change data without actually running the workflow. But again, restricting what data the user is allowed to see can help prevent accidentally creating a workflow that lets the user change stuff they aren’t supposed to.

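The point made in the answer above (the server appends the privacy constraint to every search, so a request from the browser can narrow a result set but never widen it) as an added toy model in JavaScript. This is illustrative code written for this thread, not Bubble's implementation; the sample users, the rule table and the `search()` handler are all constructed here.

```javascript
// Constructed sample data standing in for the app's User table.
const USERS = [
  { id: 1, email: "alice@example.com", team: "red", isAdmin: false },
  { id: 2, email: "bob@example.com", team: "red", isAdmin: false },
  { id: 3, email: "carol@example.com", team: "blue", isAdmin: true },
];

// Privacy rules per data type (hypothetical): each rule returns true when
// `viewer` may see `record`. They are evaluated on the server, so nothing
// the browser sends can switch them off.
const PRIVACY_RULES = {
  User: [
    (viewer, record) => Boolean(viewer) && viewer.id === record.id, // own record
    (viewer, record) => Boolean(viewer) && viewer.team === record.team, // same team
    (viewer) => Boolean(viewer && viewer.isAdmin), // admins see everyone
  ],
};

// Deny by default: a record is visible only if at least one rule grants it.
function canSee(viewer, type, record) {
  const rules = PRIVACY_RULES[type] || [];
  return rules.some((rule) => rule(viewer, record));
}

// Server-side search handler. `clientConstraints` is whatever the browser asked
// for ("get me all users that are ..."); the privacy filter is applied after it,
// so a crafted or forgotten constraint can only shrink the result, never grow it.
function search(viewer, type, clientConstraints = []) {
  const table = { User: USERS }[type] || [];
  return table
    .filter((rec) => clientConstraints.every((c) => rec[c.field] === c.value))
    .filter((rec) => canSee(viewer, type, rec))
    .map((rec) => rec.id);
}

// Bob (red team) runs an unconstrained "Search for Users": only his team comes back.
console.log(search(USERS[1], "User")); // [1, 2]
// An anonymous request with the same search gets nothing.
console.log(search(null, "User")); // []
```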

Thank you for the information, this was very helpful!

So could a malicious user run a search using their own parameters or is this just to protect data that is pulled using no constraints, ex. ‘Search for Users’ and then just displaying the data that you want to show, but knowing that someone could access it all if you do it that way?