Hi. I’m starting to build software for companies. This means a company will be able to subscribe to the software and all its users will be able to use it. How do I manage each company’s data without mixing, for example, users together? Is it advisable or even secure to have all users for all companies in one table? If not, how do I separate this data?
Hi there, @lancegerarrd… assuming you have a Company data type, you can “separate” users by having a company field (with a field type of Company) in your User data type, and you can use that field to make sure (via a privacy rule and searches/filters) that only users who belong to a particular company can see that company’s data. You could also have a list field (with a field type of User) in the Company data type that stores a list of the company’s users, and that field would give you easy access to all of the users who belong to a particular company.
Hope this helps…
How would you go about securely making sure each User is correctly assigned to a company? You could have a User simply say they work for company X when in fact they work for company Y? They’d have access to the wrong company’s data!?
My thinking is that the most secure way would be to manually assign each company a code (a manual unique ID) in the database and then speak directly to the company to get the Users who I should also assign to that ID.
Do you think this is the best way to do it in terms of security?
You can create an admin page in your app where you can manage your users and assign them to their correct company.
Thank you, that’s a good idea. It still requires me to manually do it though; the users themselves can’t do it, as they could still say they’re part of a different company?
@CARDOFCALC I think cmarchan is right. For most software that is bought to be used in a company, there is an admin who creates user accounts for its users. In any other scenario apart from a company, users are free to create their accounts.
Interesting, thank you Lance, I’ll try and find an example to see how it’s done in the real world. Would that admin account generally set up accounts for their team members in the app by entering their email addresses and setting up an initial password for them? I’m just wondering in practical terms how it’s usually done.
I’m building an app for individual users (individual licence) or ‘company licences’ which will have 10 users included in that package. All users have the same features etc. apart from the company admin user, who needs access to all of their team’s data.
Do the users have company-provided email addresses? If they do, then a user could sign up on their own using that email address, and you could send a confirmation link that they have to click before they are added to the company.
Hi Mike, they do mostly but not always, so I can’t rely on that approach. Good idea though.
This is how I did it:
Create a new “Team Member”. Create a “user” field. Assign an email address (can be a bogus one). Assign a name if you’d like.
Generate a unique link that goes to a login page and passes this “Team Member’s” unique ID through a parameter.
User signs up by clicking on generated link > creates a password > do a search for “Team Member’s” email from the URL parameter and use that as the email.
Link “Team Member” from the URL to current user.
Navigate to whatever page you wish.
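The two ideas in this thread, isolating every company’s rows behind a company field enforced server-side (the privacy-rule approach above) and onboarding users through an admin-generated link (Jay’s steps), as one added example. This is illustrative code written for this thread, not Bubble’s own logic or anything from the posters; it assumes a plain SQL model (SQLite, one shared `users` table with a `company_id` column) instead of Bubble data types, and it assumes the link parameter is a random, single-use, expiring token whose hash is stored in an `invites` table rather than the Team Member’s record ID. The company a request may see is read from the requester’s own row, never from client input, and the invited user’s company and email come from the invite, never from the sign-up form.

```python
"""Added example: tenant-scoped reads plus an invite-link onboarding flow.

All companies share one "users" table; isolation comes from always deriving
company_id from the authenticated requester's row (the server-side equivalent
of a privacy rule), never from anything the client sends.
"""
import hashlib
import secrets
import sqlite3

INVITE_TTL_SECONDS = 48 * 3600  # assumption: an invite link is valid for two days


def setup_db():
    """Create the schema and constructed sample data (two companies, one admin each)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE companies (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE users (
            id INTEGER PRIMARY KEY,
            email TEXT NOT NULL UNIQUE,
            company_id INTEGER NOT NULL REFERENCES companies(id),
            is_admin INTEGER NOT NULL DEFAULT 0,
            pw_salt BLOB, pw_hash BLOB
        );
        CREATE TABLE invites (
            token_hash TEXT PRIMARY KEY,   -- only a hash of the link token is stored
            company_id INTEGER NOT NULL REFERENCES companies(id),
            email TEXT NOT NULL,
            expires_at REAL NOT NULL,      -- unix timestamp
            used INTEGER NOT NULL DEFAULT 0
        );
    """)
    conn.executemany("INSERT INTO companies VALUES (?, ?)",
                     [(1, "Company X"), (2, "Company Y")])
    conn.executemany(
        "INSERT INTO users (id, email, company_id, is_admin) VALUES (?, ?, ?, ?)",
        [(1, "admin@x.example", 1, 1), (2, "admin@y.example", 2, 1)])
    return conn


def visible_users(conn, requester_id):
    """Emails the requester may see: only rows in the requester's own company."""
    row = conn.execute("SELECT company_id FROM users WHERE id = ?",
                       (requester_id,)).fetchone()
    if row is None:
        return []
    rows = conn.execute("SELECT email FROM users WHERE company_id = ? ORDER BY id",
                        (row[0],))
    return [r[0] for r in rows]


def create_invite(conn, admin_id, email, now):
    """A company admin creates a 'Team Member' invite; returns the raw link token once."""
    row = conn.execute("SELECT company_id, is_admin FROM users WHERE id = ?",
                       (admin_id,)).fetchone()
    if row is None or not row[1]:
        raise PermissionError("only a company admin can invite")
    token = secrets.token_urlsafe(32)  # unguessable, unlike a sequential record ID
    conn.execute(
        "INSERT INTO invites (token_hash, company_id, email, expires_at) VALUES (?, ?, ?, ?)",
        (hashlib.sha256(token.encode()).hexdigest(), row[0], email.lower(),
         now + INVITE_TTL_SECONDS))
    return token


def accept_invite(conn, token, password, now):
    """Sign-up via the link: company and email come from the invite, not the form."""
    h = hashlib.sha256(token.encode()).hexdigest()
    inv = conn.execute(
        "SELECT company_id, email, expires_at, used FROM invites WHERE token_hash = ?",
        (h,)).fetchone()
    if inv is None or inv[3] or inv[2] < now:
        raise ValueError("invalid, already used or expired invite")
    salt = secrets.token_bytes(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    cur = conn.execute(
        "INSERT INTO users (email, company_id, is_admin, pw_salt, pw_hash) VALUES (?, ?, 0, ?, ?)",
        (inv[1], inv[0], salt, pw_hash))
    conn.execute("UPDATE invites SET used = 1 WHERE token_hash = ?", (h,))  # single use
    return cur.lastrowid


if __name__ == "__main__":
    db = setup_db()
    t0 = 1_700_000_000.0  # constructed "now"
    link_token = create_invite(db, 1, "alice@x.example", t0)
    new_id = accept_invite(db, link_token, "correct horse battery", t0 + 3600)
    print(visible_users(db, new_id))  # Company X only
    print(visible_users(db, 2))       # Company Y's admin never sees alice
```

The worth-noting design points: the admin page from earlier in the thread maps to `create_invite`, which takes the company from the admin’s own row so an admin of Company X cannot invite into Company Y; `accept_invite` rejects a replayed or expired link, so a leaked URL has a bounded window and cannot be reused; and `visible_users` is the shape every tenant-scoped search should have, with the filter value coming from the session’s user record rather than a URL parameter.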
Hi Jay, interesting approach thank you for sharing!