Security - Employee Type

Hi,
Trying to make my app secure. I have an option for user’s called ‘Employee’ and it is yes or no (Boolean). If the user is an employee (Boolean is yes) of my company they can access a page to modify data. If they are just a user (Boolean is no) they don’t have access.

Is it possible for a non employee user to modify their employee Boolean so that they have access to the employee page? (I haven’t given users the ability to do it, but would it be easy for them to change if they understand browser stuff?)

If it is an issue is there a better way to label one user as an employee and one as not an employee?

Also if the page to change data is a page on the app and nonemployee users can type something like ‘bubble.io/modify’ to access the page is there a way to make this secure?

Set up privacy rules

1 Like