Newer to Bubble but trying to figure out the correct ways to structure a database for the best speed and security, when there is multiple teams/companies using the application but data should be private to each team.
Example of application: a SaaS product that helps teams with task management.
So there would be the following data types:
Company
User
Task
So Users in Company A can add tasks, which can be seen by other users in Company A. But no one from Company B (and any other companies that use the application) should not be able to see these tasks at all (even though they are using the same Tasks data type).
What are the recommended ways to structure this for the best speed and security?
So In your User data type, create a field called company, and in your Task data type, create a field called company. So every time a user adds a Task, you would add the user’s company to the Task. And in the privacy rule, under the Task data type, you can make it visible only when this condition is met:
“This Task Company is Current User Company”
If that condition is met then you can mark “view all fields”. But in the next condition that is “Everyone else (default permissions)”, You can uncheck the view all fields.
With this you can make the Task as private as possible.
You’ll want to add the Company field to both the users and the task, and any time a user creates a task make sure it adds the Current User’s Company to that task.
Anytime you are displaying data, make sure when you do your search for tasks, that one of the Constraints is that the task’s Company = Current User’s Company.
This way your only creating tasks that apply to that user’s company, and seeing tasks that only applies to that user’s company. And then as @iwakinomotoye said to add the Privacy Rules and you can sleep safely knowing that nobody is seeing data they shouldn’t!
Thanks very much @iwakinomotoye and @bcart0v, that helps and makes sense.
The Bubble video is also really good, I think I need to watch more of the videos on that channel!
