
How To Setup Privacy/Security For User Data?


#1

I have “managers” that are a boolean yes/no that should be able to access any file/user/data inside the app, when logged in and manager = ‘yes’.

But what is the difference between ‘current user’ and ‘this user’?


I’m trying to figure out how to block everyone from viewing users and other data within the app now, restricting them to Things they’ve created, and only their own personal user data…

Difficult to understand without breaking the app!


#2
  • Current User = the person currently using your app.

  • This User = the specific record that is being accessed.

Try setting up a privacy role for a different data type than user and the difference will become a bit easier to digest. (Ex. say you have the data type “Blog Post”, it’d say “This Blog Post”)

To add, remember that privacy roles should be established for all necessary data types that require some permissioning of when a user should be able to access it, not just on the user table. (I.e., creating a privacy role on your User table only restricts data within the user table, not the other tables in your database.)


#3

So just as an example, how can I/would I prevent the current user from viewing data on any other user via search?


#4

If the goal is to prevent, the most basic thing is to uncheck all of the “Everyone else” boxes and to set up a privacy role of “This User is Current User”.


#5

Is there a way to check to see if there are any conflicts once I’ve set this?


#6

Manual checks and tests are typically what I default to (i.e., creating a sandbox page where I intentionally test the privacy roles). Inspect mode is helpful for showing what data Bubble did (and, more importantly, didn’t) retrieve based on privacy roles.
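
The rules discussed in this thread, sketched as an added example that is not part of any post and is not Bubble's code. It assumes a simplified model: a record is visible when any rule for its data type matches, "Everyone else" grants nothing, and a data type with no rules is unrestricted. All names and records are constructed.

```python
# Simplified model of per-data-type privacy rules (an assumption for
# illustration, not Bubble's implementation). All records are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    id: str
    manager: bool = False

@dataclass(frozen=True)
class Thing:
    id: str
    creator_id: str

# A rule receives (current_user, this_record) and returns True when it applies.
USER_RULES = [
    lambda current, this: current.manager,               # manager = yes
    lambda current, this: this.id == current.id,         # This User is Current User
]
THING_RULES = [
    lambda current, this: current.manager,               # manager = yes
    lambda current, this: this.creator_id == current.id, # creator is Current User
]
ALL_TYPES = {User: USER_RULES, Thing: THING_RULES}
USER_ONLY = {User: USER_RULES}  # rules on User only: Thing is left unprotected

def can_view(current, record, rules):
    """No rules for the type: unrestricted. Otherwise one rule must match."""
    type_rules = rules.get(type(record))
    if type_rules is None:
        return True
    return any(rule(current, record) for rule in type_rules)

def search(current, records, rules):
    """A search returns only the records the current user may view."""
    return [r.id for r in records if can_view(current, r, rules)]

def access_matrix(users, records, rules):
    """Sandbox-style check: list what every test user can see, for review."""
    return {u.id: search(u, records, rules) for u in users}

alice, bob, boss = User("alice"), User("bob"), User("boss", manager=True)
DATA = [alice, bob, boss, Thing("t1", "alice"), Thing("t2", "bob")]

if __name__ == "__main__":
    for label, rules in (("User only", USER_ONLY), ("all types", ALL_TYPES)):
        print(label, access_matrix([alice, bob, boss], DATA, rules))
```

Comparing the two matrices shows the gap described in post #2: with rules on User alone, every user still sees every Thing.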