Privacy Rule to view User's Email w/ Roles set as Lists (Multi-Tenant SaaS example)

Recently wanted to add a feature to support multiple teams in my app without seeing each others’ data. Able to get it working for most Data Types by adding a “Team” field to each data type and setting privacy rules there, but getting stuck on privacy for viewing the email field on a User.

App Background:
A Question + Answer app, where a user can create a question with a title+description, then users can submit answers to that question. Users can also be a member of one or more teams, and each team has admins that can invite and remove users from the team. It gets more complicated than your generic “learn Bubble” tutorial because users can be members of multiple teams AND users can be admins of one or more teams, and I want to set privacy rules based on those two lists.

What I’ve got so far:

• I currently have these four data types: User, Question, Answer, & Team
• User has a Team_Viewer field which is a list of Teams they can view.
• User also has a Team_Admin field which is a list of Teams where they are an admin.
• Question and Answer each has a Team field, linking to a single Team. I use a Privacy Rule to check if Current User's Team_Viewer contains This Question's Team in order to determine whether fields are viewable. (I also have a rule that if This Question's Team is empty the fields are viewable, essentially I treat a blank field as saying it is “public”). Ditto for Answer.

So far so good! Where it gets stuck is the User data type. Since the Team_Viewer and Team_Admin fields are both lists I haven’t been able to get a working logic - it just asks for endless contains if I click More below:

Screen Shot 2022-04-11 at 11.19.50 PM698×226 17 KB

Two ways out I see are:

1. Add an Admin yes/no field to User, set a privacy rule for viewing user email there, then filter out further on the front end based on Team_Admin. But I don’t really like the idea of Admins on one team being able to see the email address of users not in their team.
2. Create a new Data Type that has the list of Users with their email addresses for each Team they are on, then reference this new Data Type where I want to show the email address and set privacy rules on it.

Option 2 is fine but was hoping there was a more elegant solution / best practice someone might know of!

For reference, the best post I found on this so far were the best practices shared in Best Practice Privacy Structure for Multi-Tenant SAAS - #2 by StevenM as well as this helpful Youtube video: https://www.youtube.com/watch?v=_DKEXFZJU-M . I appreciate your help!

Hi there, @dorian1… I don’t know if there is a best practice here, per se, but I will throw a suggestion out there as food for thought.

I wouldn’t go with #1 for the same reason you mentioned, and I don’t think I would go with #2 because I would want to use the data types I already have. That being said, I might consider having a field on the Team data type that stores a list of users who are the admins for a team. Then, I might have a similar field on the User data type that is a list of users who are admins on any team to which a user belongs.

I don’t think it would be difficult to update the list on the User data type as users are added to and removed from teams, and that list would make it easy to construct a privacy rule on the User data type that exposes the appropriate email addresses to each admin: This User's Admin_List contains Current User.

Anyway, that’s just a suggestion that came to mind, and I hope it helps, even if you read it and rule it out as a way you definitely don’t want to go.

Best…
Mike

Thanks Mike, I’ve gone with your solution since it makes sense and is pretty low-impact for now. Cheers!