Hi, I was wondering if you can use a text field as a security rule?
As an example i have a thing called “List” that contains a field “SecretKey” that is just a random text string, I would like everyone with a copy of this “secretKey” to be able to access the List (Current User’s SecretKey = this Lists’s SecretKey).
Hi @tejb54, you can create a privacy rule in Data > Privacy to work with these fields.
So, for the List data type, create a role called “Can Access” (or something like that), where the condition is just like you said “Current User’s SecretKey is This List’s Secret Key.” Then enable everything that user would be able to do (find the List in searches, view fields, etc.)
Now, you should have an opposing role. Either the default “Everyone Else” is that opposing role (where things are disabled/unchecked) or you can create a separate role called “Cannot Access” where the condition is “Current User’s Secret Key is not This List’s Secret Key” and uncheck/disable stuff.
Just make sure that the Everyone Else default role is also figured in to work with your custom roles. When it comes to creating privacy roles, I like to turn everything off for the Everyone Else rule, and create specific roles for each user case so that I know exactly what people do / do not have access to.
Hope this helps!
Gaby at Coaching No Code Apps (formerly Coaching Bubble)
Courses & Products, Tutorials, Private Coaching, and High-level Development
Start Learning Today
I’m working on something similar to the scenario mentioned here.
I have a datatype in my database called a ‘Post’. The main page in the app has a type of ‘Post’ can the user can see various the content of various fields from that Post.
I need to implement password protection so that only users with the right password can see each post. My approach to date has been to:
- add a ‘password’ field to the Post data type
- add a pop up to the page that shows when the page loads. This requires the user to enter the password before proceeding.
- if the user enters the correct password, the pop up disappears and they can view the Post.
However I can’t work out how to set the privacy rules. My understanding of how the data is loaded into a browser is pretty limited, but I wouldn’t want the Post’s password to be easily visible in the Dev Tools.
I thought that I could have a privacy rule to block access to the password field for all users (other than the creator of the post who can then set the password). However, if I do this, a correct password is rejected in the pop up described above.
Can anyone suggest a better (secure) way to achieve this?
Can anyone help steer me in the right direction with this?