Forum Documentation Showcase Pricing Learn more

Permissions - Deny creation


#1

Hi, is there a way to deny the creation of things in a specific table for a certain user ? I’ve tried denying auto-binding but I still manage to create new things… Searching trough the documentation I can only find " Create via API" permission…

Thanks in advance for your help !


#2

You need to use conditions in the workflow system. So “Create a thing” Only when “Condition is met”


#3

But does that guarantee safety of the database? Meaning, by doing that can’t a user submit a new thing in other way?


#4

It guarantees that if the condition is set correctly it won’t allow anyone that doesn’t meet the condition to execute that action.


#5

Not trying to be annoying and I really appreciate your quick reply but since I’m new to bubble I like to ask to be sure.
What I’m concerned about is some kind of attack that someone could do not using the interface of the app or by changing the interface of the app (inspect element and so) . The table I’m protecting is a payment authorization table that I only want to allow root to access.


#6

I know you are not trying to be annoying. I do get where you are trying to go and I would be concerned also.

I’m just showing you how Bubble handles the denial of creating a thing. If that is enough security it’s something you should evaluate.

In regards to your other questions I can’t give you a straight answer to that because any web technology is susceptible of being attacked.

What I can say is that the create a thing and its condition check are not ran on the client side. However if the condition is set to check a data element that is available on the client side it could be tampered with and someone could circumvent your security.

So make sure the condition check is not based on a custom state or anything that is not read directly and in the moment of check from the database.


#7

What I can say is that the create a thing and its condition check are not ran on the client side.

You’ve answered my question ! I did’t put it in the simplest way but you did it.
Thank you for you help! :smile: