How to create consistent privacy rules

I’m setting up my site’s privacy rules in bubble, I have the Users table and I’ve set it up so that the user can see their own data, but I want the user to be able to see data such as photo/email/name if the other player is on the same path as them and to do this I have to do it like this:

User active_team members list (here I would get a team members, but I can’t place it and inside tem members there is another user)

I can’t do this deep search in the rules, this same scenario is repeated for several other scenarios, is it safe for me to check that only the user is logged in and return all this information? and then the rest would be dealt with by direct constraints in the elements/workflows?

I think you already know the answer because you asked, and the answer is probably no.

If anyone can create an account, a privacy rule of ‘Current user is logged in’ is as good as making the data public.

I don’t understand your exact set up but if users can have multiple teams it’s a bit tricky (because you can’t compare lists with privacy rules).

The solution is probably some kind of data trigger that adds Users to a field on the User (assuming a User won’t need access to too many users), or using a backend workflow to bypass privacy rules and display that data.

1 Like