Wondering on what is the best way to restrict data?
I have a multiple companies and each company has multiple locations.
I want each user to be able to see their own data that they put in, then a company admin that can see all data from that company and all it’s locations and a location admin that can see all the data from that location.
Right now I have it set up with that each user has a role type field, company name field and a location name field and all data that users enter has company name field and a location name field. Then to display the data I did a search then added a constraint Created by=Current User then I added two conditionals that if current user’s role is company admin then do a search and added a constraint company=current user company and another one that if current user role is location admin do a search and added a constraint location name=current user location name.
I am I doing it the best way or is there a better way to do it?
Thanks,
I’d say in general that if it works, that’s good enough keep plugging forward and deal with bugs as they occur. If you’re wondering if it’s the best way to to do it, it’s hard to say exactly because there’s so many variable use cases.
For example, if you want an Admin (lets say) to be able to create data on behalf of a Manager (let’s say), doing a search with the constraint “Created by current user” wouldn’t necessarily display the desired data for the Manager (or vice versa).
In that use case, you could set up constraints such as “if current user’s role is admin or manager, this element is visible” or something along those lines, depending of course on the context of data you are trying to display.
Auto-binding is a pretty decent learning curve in the Bubble environment, but it forces you to learn about built in privacy mechanics of the actual editor as well as page and group level data content. That may be the tool set you are looking for.
If you share a link to your editor people will be more able to provide specific answers for your particular use case
I would definitely have a look at setting the constraints on the privacy tab. Depending on the details of what you are doing, that might prevent you from having to enter role constraints on each search you perform. We are doing something similar and happy with the results – every user is associated with an “instance”. Every table has a field of type “instance”, and has a privacy role of “Instance User” of CurrentUser/Instance = ThisTable/Instance. Anytime we ADD data into a table, we set the “instance” field, but then everything else downstream is handled automatically without search constraints. Similarly, we have an admin role on some tables, allowing them to see everything, and some tables are just open to anybody logged in.
