Rules that use "This Attendee's X's Y" can't grant search access right now

Hi Folks…

I am building an events application that will have users who are running events (“Subscribers”) and users who are attending events (“Attendees”). So that different Subscribers don’t see each other’s Attendees, then each Attendee data type contains the user name of the Subscriber whose event they are going to. I am then using Roles to restrict that access.

However…

When I set a role up as
“When This Attendee’s Subscriber User is logged in”
I get this strange message

• Rules that use “This Attendee’s X’s Y” can’t grant search access right now

So does this mean my Subscribers can’t search for their own attendees?
And what does the term “right now” mean in this message? It implies this is a temporary thing. I am on a personal plan now… does it mean I need to upgrade to a professional plan?

Thanks in anticipation,
Antony.

It means the rule is too complex for Bubble at this time. I’d actually like to know if this will be possible in the near future as a lot of my rules will depend on this added complexity. Maybe @emmanuel knows more…

I have a multi tenancy design that I now need to add 2 level organisation structure (companies). The easiest way is to add another field to the existing company table that specifies the top level company and then create a privacy rule for the tables that need access by top level ie
This Policy’s Company’s TopCo is Current User’s Company

but get same restriction that search wont work. What is another easy method to implement?

@emmanuel is this any enhancement for this issue?

Hi Eric…

Yes, good question! My brain isn’t quite back in the details of the how I solved it right now, but I basically realised there were other ways I could organise the database structure to get the same functional result, and one of those prevented the search problem.

Good luck with it!

Antony.

I must not be understanding this correctly because I do this without a search in privacy rules today. I have a field that I call “instance” which is added to every thing in the database needing to be restricted. I use this to allow permission to data when the current user does not equal the Creator. The privacy role for instance users is this thing’s instance equals current user’s instance.

Is that what you are trying to do, or something else?

hi @antony and @mebeingken, thx for your feedback and I think I worked it out. I use ‘Company’ in all the tables to ensure privacy for multi tenancy design but new requirement is to add top level company where they can view/query data from any table for a number of companies ie. their subsidiaries companies. So I added a extra field in Company table ‘SubsidaryCo’ which is a list of Company’s which represent the subsidiary companies. After this I added privacy rule and think this shoudl work, do you agree?

image.png952×280 7.68 KB

+1 on this.

I’d really like to see the Privacy Roles expand to allow a more complex expression we can formulate to achieve what we need. Hopefully this is on the to-do list for the near future…

I ran into this as well after an issue arose and it may cause additional legal issues (not the fault of Bubble of course) but I now need to protect the entire application differently as a result of bubble not being able to facilitate * Rules that use “THINGS’s X’s Y” can’t grant search access right now

We really need this ability.

@emmanuel and @josh

I’m finding this functionality severely limiting. Most of the applications I’m looking at creating need to have teams, and those teams need to be assigned to resources. And I only want people who are on the teams that are assigned to those resources to be able to access this.

Example. “Resource’s Team’s Members contains Current User”. Otherwise I’ll have to assign all the users to each resource and when a user is removed I’d have to make a workflow that goes through and removes the user from all the resources instead of just doing it in one place.

Actually I just figured this out reading @eric.schwantler’s post above. I just had to reorganized my database.

Instead of having a team list the members that can edit resources of that team, I have on the users record a list of teams that they can edit resources of.

Thus To set privacy on the resource then instead of

Resource's Team's Editors contains Current user

I can do

Current User's Editor Of contains This Resource's Team

It is opposite of the way I think in terms of databases, so if the power of Privacy is every upgraded to allow the first way that would be awesome.

yeah, it twists your mind but once you understand its not so bad

Just here to add a +1 on hoping this gets updated.

Generally speaking, the data changes required to make this work are bad practice for “data hygiene.” Would love to see this updated to work as expected. Creating things like a User field “Editor Of” as in @jsduncan98 's post means that if a user can edit their own field, they can make themselves an editor. Certainly we can enforce rules and be careful to not let that happen, but ideally there’s a single source of truth managed explicitly by who owns the thing of interest.

Related to single source of truth, if there’s a Resource’s Team’s Editors field, and a User’s Editor Of Resources field, then again you have to be careful to update both fields anytime a change occurs, rather than having that single source of truth that every use-case can reference.

In any case, appreciate the discussion here! I’ll also be using this data reorganization on my project until there’s an update. Thanks all, and enjoy the day!

Hi found this topic after running into this issue pretty quickly on my app.

I’ve been building enterprise apps for the better part of a decade and I have to say that I am stunned that this isn’t possible in some form or another on Bubble.

My use case is that I have Events and Registrations in my app, and events can have “hosts” which are designated by admins to have administrative permissions (approve attendees, change event details, etc) on a per event basis.

The expression I’m trying to use is “Current Registration’s Event’s Host’s contains this user”

This seems like a very straightforward common sense feature.

I don’t see any work around besides copying hosts to the all registrations to a given event. This is a bad solution, both from a design and a performance perspective.

@emmanuel

Amen! 100% the same issue

As people here saying you can solve it but in a really fragile way

Try using 2 backend workflows

1. to extract the values of y and put them on a field of x when x is created
2. to update x when y is changed.

Save a reference to x in y for easy referencing. It’s annoying and adds unnecessary bloat, but it’s easier and less error prone than manually filtering every search in your app.