Privacy Rules – Best Thread / Advice? Multi Tenant App

Hi, looking for the best Privacy Rules tips/threads. I have been looking through the forums but have not yet found something helpful for me that is current. In 2023 Bubble made some changes so I am wondering if that changed approaches.

Basically, in a multi tenant app, you want to prevent users from one tenant fetching data from another. For example: Car Dealerships :red_car:

Dealership A

  • Staff
  • Contracts
  • Customers

Dealership B

  • Staff
  • Contracts
  • Customers

I ask since the common issue of “Rules that use “This Datatype’s X’s Y” can’t grant search access right now” has come up a lot and usually I have to take a custom approach each time.

Looking for a methodology that you guys follow when building.

You can in theory permit “Find this in searches”, and show no fields (so only the unique IDs will be accessible), but it makes sense to avoid that if you can.

This Thing's Dealership is Current User's Dealership and Current User's Dealership is not empty

That’s all that’s necessary.

If they need to be able to access multiple Dealerships, have a List of Dealerships on the User.

And if they need to be able to have independent accounts of each dealership, avoid it if possible (just let them use one account and select the dealership), but you can do some dummy email magic to create separate accounts that can be logged in with from one email/password.


Hey @georgecollier thanks for the reply.

That’s all that’s necessary.

That’s all?? :rofl: Surely it can’t be that easy

You’d probably need to use dealerships on user + this user’s access level

i.e., you’d only want admins to edit admin data for dealerships they “own” and staff can only edit customer data, etc.


Yeah I was planning to do something like this for my use case.

Ideally I would like a matrix that Account Admins can use to provision data access to each user on a granular level.

Create a list of permissions (e.g., edit dealership, edit customers, view customers, create contracts, edit contracts, view contracts). Then, for relevant features allow access only if user’s account for the selected dealership includes the pertinent permission.

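The tenant rule and the per-dealership permission list from the replies above, modelled in Python as an added example (not from the thread and not Bubble code). The class names, permission strings and sample records are assumptions, and an empty Dealership field is modelled as `None`.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional


@dataclass
class User:
    name: str
    # dealership id -> permissions granted to this user at that dealership
    memberships: Dict[str, FrozenSet[str]] = field(default_factory=dict)


@dataclass
class Thing:
    kind: str
    dealership: Optional[str]  # None models an empty Dealership field


def naive_same_tenant(user_dealership, thing_dealership):
    """Rule without the emptiness clause: in this model empty equals empty."""
    return user_dealership == thing_dealership


def can_see(user, thing):
    """Thing's Dealership is one of the user's, and neither side is empty."""
    if not thing.dealership or not user.memberships:
        return False
    return thing.dealership in user.memberships


def can_do(user, action, thing):
    """Tenant check first, then the permission held at that dealership."""
    if not can_see(user, thing):
        return False
    return action in user.memberships[thing.dealership]


# Constructed sample data (hypothetical users and records)
alice = User("alice", {
    "dealership_a": frozenset({"view contracts", "edit contracts"}),
    "dealership_b": frozenset({"view contracts"}),
})
orphan = User("orphan")  # account not attached to any dealership
contract_a = Thing("contract", "dealership_a")
contract_b = Thing("contract", "dealership_b")
unassigned = Thing("contract", None)

if __name__ == "__main__":
    print(naive_same_tenant(None, unassigned.dealership))  # the match the guard rules out
    print(can_see(orphan, unassigned), can_do(alice, "edit contracts", contract_b))
```

Keeping permissions per dealership rather than directly on the user means one account can hold different rights at each tenant.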

I see what you’re doing here.
Would you store this on the user? And what if the user belongs to two dealerships?

This discussion is now veering away from privacy rules per se into data schema, although, of course, they’re interrelated. Anyway, I assume there are many forum threads about configuring an app’s data schema for multi-tenancy. Here’s one brief explanation, along with a follow-up about privacy rules.


Totally, they do intersect. Those links are super helpful, that’s the kind of stuff I was looking for! Just to know how other people do it/think about these things.

We know many Bubble apps have pitiful privacy rule setups, if any.
