How can I set up my Bubble app so different types of users (like admin, editor, viewer) only get the permissions they need, and can’t access or change things they shouldn’t?
The way we do it is that we have a data type called Permissions with five fields:
- User
- Active (yes/no)
- List of Access (option set)
- Role (option set)
- Company (a data type dedicated to keeping track of the company’s account with us)
The Access option set contains one option for each type of permission (e.g. User management, Business details, etc.)
The Role option set contains one option for each type of user (e.g. Admin, Editor, Accountant, etc.). Each Role option contains an attribute with a list of default Access.
From a page dedicated to user management, users with sufficient permissions can add or edit users associated with their company’s account. From there they can also set a primary Role for each user and they can customize the Access list further if they want to give wider access than what is default for the role.
The Permissions data type is added as a field to each User. Privacy rules are then applied based on conditions such as “This User’s Permissions’s Access’s contains Business details”, and in the UI editor we’re applying the same type of conditions to ensure that only users with adequate permissions are granted access to different features and information.