Been applying privacy roles and it appears that dynamic data seems to load slowly compared to when there were no restrictions. I have admin roles that can view everything, and user roles that can only view things created by them or things that are stored on the user. I have tested the speed by switching my user between admin and regular, and it is clear that the Admin view is faster. I would think the reverse would be the case since it is loading less data.
Is this something other people have observed? If so, do you have workarounds you usually put in place?
Itâs normal to expect that privacy roles would have some impact on performance.
For that reason, itâs good to examine a) how much data youâre trying to initially load and b) if your privacy roles are overly complex.
For example, if you have a repeating group that is based on a âDo a search for Xâ that doesnât have much constraints and is loading a full list, that may slow things down considerably. So, good to ensure you have well constrained searches (and not overly reliant on filtering).
Think of your privacy roles like a request going through a series of pipes - some are more direct routes than others. Bubble is going to evaluate all of your privacy roles to see if there is a âmatchâ that grants access to the requested data. (So, the is current user admin = yes role is going to evaluate faster. But your other roles may take more time to evaluate.
In some cases, it may be better to work with pre-defined lists. (Ex. for a property rental site, save a list of properties owned by the current user on the Current User. That way, you can enforce a privacy role that is âCurrent userâs properties contains this propertyâ).
Some initial thoughts. Iâm sure others will chime in.
Privacy rules are the primary tool in Bubble for specifying who ought to be able to see what data. When designing an application, you should think through, for each kind of data your app will store, who ought to be able to see it. Just the user who uploaded the data? The user and certain other users who meet specific conditions? The general public?
If the answer is not âthe general publicâ, then it is important to create privacy rules. Think of each rule you create as a reason someone ought to be able to see a piece of data. For instance, one reason might be, âIâm the user who uploaded itâ. Another reason might be âThe user who uploaded it tagged meâ. More information on how to set up and use privacy rules is in our manual: https://manual.bubble.is/working-with-data/privacy-and-security.html
Privacy rules get applied whenever your app searches for or retrieves data. Behind the scenes, we add them as extra constraints to searches: if you search for all users, what we really do is search for âall users who the currently logged-in user is allowed to seeâ. This applies to searches on a page, as well as searches inside workflows: whenever we are running a workflow, we track who the âcurrent userâ is, and only show that workflow data that is allowed by privacy rules.
The general rule of thumb is: if privacy rules allow someone seeing data, that person can see it. Donât rely on hiding things on a page or redirecting to a different page to protect secure data, and donât rely on not having built a search anywhere that returns the data. Those measures might stop someone from stumbling on data accidentally, but they wonât stop someone determined to view it.
If you need to modify data that the current user is not allowed to see, the best approach right now is to use a scheduled API workflow with the âIgnore privacy rules when running the workflowâ box checked. This will run the workflow entirely on the server without sending data to the userâs web browser, and it will remove the restrictions on searches, so that the workflow can retrieve data that the user wouldnât otherwise be able to access.
Thanks for the response. Yeah, I spent the past few minutes optimizing the rules and that definitely helped. I also ran a few more tests and it appears that much of the slow loading data could be attributed to filters on long user-stored lists. A constrained search for the same list on the other hand loaded really quickly.
I have a repeating group doing a search for a thing. The result shows:
the thing name
the name of the person who created the thing
Because the User privacy rule has a condition on it, the Userâs name loads a second after the thing name.
Iâm thinking of just sticking the personâs name into the thing data table as a text field so that it loads at the same time as the thing name.
Would this be the ârightâ way to do this?
Thanks, Jess
PS. completely unrelated question - Iâm not using a map in my app but there is a lot of red text in Settings telling me I should have a Google Maps API key. Do I need one if I donât display a map image? Iâm also not using browser location services but am using âx distance from userâs address they entered in a formâ.
I would recommend against duplicating data. (Say, for example, that underlying user had a typo in their name. Then they update it on their profile. Now, all your text-based versions of that userâs name need to be updated. Otherwise itâd appear incorrectly).
Regarding Google Maps, you should get your own API key regardless. (Think about it like getting your wallet before you go to the store - you may not buy anything, but better to be prepared). You are OK without it, but Bubble strongly pushes you to get your own. Otherwise, with excessive use, I believe Bubble will start throttling your requests. (What that threshold is, I donât know).
You can find my instructions video for setting up your own Google Maps API key many places on the forum.