My situation is this:
A “notification” thing is created for a user to allow them to be notified when a new Thing is posted.
I don’t want anyone else to be able to access the users email address by looking into the Notification thing table so I’ve unchecked all view field types.
Even though it’s still set to Find This In Searches, it doesn’t allow me to run actions based on private fields (email).
While i can protect it from hackers it protects it so that the system can’t process a workflow with the information either.
Unless i’m doing something wrong?
Sorry to answer your question with a question, but is the user you are testing with the creator of that notification. Its odd that its not working.
The problem is the hidden fields aren’t viewable by the Bubble system or something.
When i hide the fields (example, email) i can’t run an action to send an email to that user, even if the rule allows for it…
If anyone has any idea please let me know.
As far as I can see here you cannot run actions on fields that are hidden from everyone else but Current User…
Even the system itself can’t see them… Is this really the case?
How does one protect their apps and have it function at the same time?
Maybe you could create a yes/no admin field under user type, have your email marked yes and give access to current user and the admin email.
The issue is the Privacy settings within bubble do not allow actions to be run by the system itself. It seems to be impossible to protect your application and have it function properly at the same time…
No actions can be run on anything that is hidden even if there is a rule that allows for it. System doesn’t see the data. This is a fundamental flaw that I can’t get around.
It might be a technical issue.
Not sure I understand the problem here. If you define your role in a way that a user is not the notification’s creator cannot access the email, a workflow run by someone that isn’t the creator won’t be able to work on that field. If he is though, he can.
Generally speaking though, privacy roles and workflows are different things, and we use privacy roles to define what can be seen, not what can be modified. Now if a workflow require to read a field before doing something you’ll need to keep this in mind when you design the roles.
1 Like
Ok.
If I enable the ‘created by’ field this then passes the creators information along and then the system uses the privacy roles defined under User?
For example here is another issue with this setup.
I’ve blocked the privacy settings in the privacy section so that hackers can’t see cc authorization numbers…
I’m trying to Capture the charge but now the system doesn’t see the authorization number because of the privacy role thus can’t charge the user:
And the system won’t allow me to do this which would solve my issue and allow the Pilot to initiate the transaction:
I can’t figure out how to keep data private and have the system function at the same time… How do people initiate workflows on data that is hidden? It certainly is sensitive information. It would be good if there was a “workflow” permissions + everyone else + the specific role that way we can tell Bubble to process workflows and modify/use data regardless of privacy roles that may be in place.
The condition is what is used to define which role applies.