Privacy rules to see aggregated results only


I’m new to, really loved it :slight_smile:

Let’s say I have a review app, with 3 data types:

  • the built-in User
  • Product
  • Ratings with fields:
    • User
    • Product
    • rating (number)
  1. All users should be able to view aggregated ratings (average rating per product), but not specific ratings by other users.
  2. Any user should be able to rate any product, and edit his own ratings.

Is there a way to configure roles and privacy settings to achieve this?



For the rating data type establish a privacy role called “owner” and set it like this > “this listing’s user is current user”; check all boxes enabling the owner access to everything; uncheck everyone else’s boxes disabling everyone else from accessing/seeing ratings.

Set a privacy rule for the user data type called “own user” and set it like this > “this user is current user” and give it all permissions; for everyone else choose what you want to disclose like first name and anything else that you deem shareable if so.

You will be likely be computing a product’s avg rating as a number field vía flows and showing this result via a text element to any users. With no privacy rule for the product data type there will not be a problem.

Hope this helps :+1:t2:

Thanks for your reply!

So a flow should be considered as running server-side with all permissions?
(if the flow is running on behalf of the user I’ll have the same problem)

Not because you created the “own user” privacy role permission.

Experiment around these guidelines and you will find your optimal configuration.

This video should provide a complementary understanding about how to set privacy roles.