When to create Privacy rules and why?

I’ve built several applications using Bubble and I’m fairly comfortable with it all. The one area where I am struggling to fully understand the use case, and how to properly implement it, is Privacy rules.

Is there a video or tutorial that explains Privacy settings in depth? Is there a resource I can access that I can learn everything I need to know about Privacy rules as a Bubble developer?

I’m not sure when they need to be used and why. I’m not sure how to set up rules properly either.

Are there specific privacy rules we should be creating for every application?

Any help or direction will be greatly appreciated.

This is what I’ve found so far.
https://manual.bubble.io/working-with-data/privacy-and-security

3 Likes

I think it is specific to the application and what the application does and who its users are.

For example, an application used by retailers that allows multiple users per location, say a manager and a clerk. These two may both need to view certain data, while only one should have rights to manipulate the data. Setting up privacy rules based on the user’s role in an organization is one use case. It would be up to the developer to decide how to implement them.

One thing I am planning on doing is allowing the main user (the one who creates the first account and then signs up other users) to select permissions for each user they sign up. These permissions will be used in the privacy rules.

There are so many different possibilities that it is difficult to give a one-size-fits-all type of answer.

However, one thing that you could consider for every application: any data the user shares with the application that is stored in the database but is not meant to be displayed to other users of the application should get privacy rules, for example mailing addresses or contact details.

1 Like

“Privacy rules” are essentially Bubble-speak for row-level DB security. Without privacy rules set up, it would be possible for a bad actor to manipulate a Bubble session into spilling all rows for a given table. Most of the time, this is fine. But for tables with info sensitive to either your users (their addresses, emails, etc.) or any proprietary info that could ruin your business edge if it fell into the wrong hands, you will want to install privacy rules for such tables.

Bear in mind, your DB model really should be designed with privacy rules in mind from the get-go (useful to keep in mind for the next app, ha) because installing the rules on certain tables can break the user experience and require re-modelling the DB in a more denormalized fashion to hide the sensitive info more easily while still making other queries run fine.

Example: you built a messaging app. You built a table to house all the threads between two users, with fields like sending_user, receiving_user, last_active. Uh oh. Without privacy rules, it may be possible for someone to query the table to find out who’s been messaging who, or to find out the total number of threads going on in your app. You install a privacy rule that states a user may only view thread rows for which they are either the sending_user or receiving_user. But now you just broke a functionality that allows erroneous users to find out any other user’s last_active time, so now you must remodel. See what I’m getting at?

3 Likes
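The thread rule and the remodel described in the reply above, written out as an added example in PostgreSQL row-level security. This is not Bubble code and not code from the reply (Bubble privacy rules are configured in the editor, not in SQL); the table, column and role names, the sample rows, and the `app.user_id` session setting are all assumed here to make the mechanism concrete.

```sql
-- Added example: a Bubble-style "privacy rule" expressed as PostgreSQL row-level security.
-- All names are hypothetical; the rows inserted below are constructed sample data.

CREATE TABLE app_user (
  id          integer PRIMARY KEY,
  email       text NOT NULL,
  last_active timestamptz
);

CREATE TABLE thread (
  id             integer PRIMARY KEY,
  sending_user   integer NOT NULL REFERENCES app_user(id),
  receiving_user integer NOT NULL REFERENCES app_user(id),
  last_active    timestamptz
);

INSERT INTO app_user VALUES (7, 'alice@example.com', now()), (8, 'bob@example.com', now()),
                            (9, 'carol@example.com', now());
INSERT INTO thread VALUES (1, 7, 8, now()), (2, 8, 9, now()), (3, 9, 7, now());

-- The application connects as this role. It must not own the tables: owners and
-- superusers bypass row-level security, which is the "no privacy rules" state.
CREATE ROLE app_client NOLOGIN;
GRANT SELECT ON app_user, thread TO app_client;

-- Step 1: the privacy rule. Only rows where the current user is a participant are visible.
-- app.user_id is an assumed session variable the app sets after authenticating the user.
-- If it is unset, current_setting(..., true) returns NULL, the comparison is NULL, and no
-- rows match: the rule fails closed rather than open.
ALTER TABLE thread ENABLE ROW LEVEL SECURITY;

CREATE POLICY thread_participants_only ON thread
  FOR SELECT TO app_client
  USING (
    sending_user   = current_setting('app.user_id', true)::integer
    OR receiving_user = current_setting('app.user_id', true)::integer
  );

-- Step 2: the remodel. The rule now hides thread.last_active for every thread the viewer
-- is not part of, so "when was this user last active" no longer works. Move that field to
-- the user record, which is meant to be readable by everyone, and keep email out of reach
-- by granting only the public columns.
ALTER TABLE thread DROP COLUMN last_active;
REVOKE SELECT ON app_user FROM app_client;
GRANT SELECT (id, last_active) ON app_user TO app_client;

-- Step 3: check it from the application's point of view as user 7.
SET ROLE app_client;
SELECT set_config('app.user_id', '7', false);

SELECT id, sending_user, receiving_user FROM thread;   -- threads 1 and 3 only
SELECT count(*) FROM thread;                           -- 2, not 3: counts are filtered too
SELECT id, last_active FROM app_user WHERE id = 8;     -- still allowed after the remodel
-- SELECT email FROM app_user;                         -- permission denied: column not granted

RESET ROLE;
```

The two SELECTs on `thread` show the point of the reply: once the rule is in place, even an aggregate like `count(*)` only sees the caller's own rows, so a "how many threads exist" leak is closed along with the row contents. The `app_user` query shows the cost: the field the app still needs to expose had to move out of the protected table before the rule could be installed without breaking that feature.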

Just wrote an article on this that may be of interest: Privacy Rules in Bubble.io: What you need to know

I’m happy to expand it if there are things it doesn’t explain well enough or questions that it doesn’t address!

2 Likes

I’m loving these articles Petter, your review of how Bubble handles dates proved to be very helpful for an app I was previously working on. Hope they keep coming! Kudos!

1 Like

Thank you @DSJacob, I appreciate that, and glad I could help you out!

They’ll keep coming :slight_smile: