I am trying to setup privacy rules for my app and facing with couple of issues as every other bubble user. My database structured based on user roles and database tables are normalized to avoid redundancy meaning that I try to avoid writing same data to more than one row in the database.
There is two user roles: Company and Influencer
There are two table (thing): CompanyProfile and InfluencerProfile
So at the beginning, what I did was to have CompanyProfile (type: CompanyProfile) and InfluencerProfile (type: InfluencerProfile) fields in the Users table.
This allows me to create expressions like user’s companyprofile’s name, address etc.
This also allows me to create data privacy rules for Company.
However, after reading about database designs and understand how important to avoid repeating same data (less CRUD, more consistency in the database, better performance) I restructured all of my tables. Now I dont have a “link” field to the thing, e.g. User tables doesnt have CompanyProfile or InfluencerProfile.
I can still create expressions by using “do a search for…” and constraints and get users’ company’s name, address.etc.
but I cant create and data privacy rules when it comes to more complex (thing’s thing’s thing) data.
At this point, I either will create bunch of new fields in almost every database table to link to the user, or have database privacy rules that is not really secures the data.
I want to ask which route is better in terms of performance? Can data be secured in the actual page itself? For example; can I just create a rule that make data inaccessible in the page if the current user has no permission?