Row access based on company's users

Want to make sure I’m taking the right/optimal approach before building this in my app…

I have a portal app where individual users are employees at companies that are my customers, so:
Users = employees of company, e.g. Francine
Customer = company, e.g. ABC Company

I would like to use Roles to ensure that users can see all their customer data but cannot see any other customer data. So Francine and her colleagues can see all data related to ABC Company, but they can’t see any other company’s data.

Also, I need a role for my company’s ‘admins’ to see all the data but not have access to the app editor and data tables.

If I understand the videos and articles, I should use Roles and Owner columns to secure the rows. Can I just use a company field on the user profile as the role, or do I need to put company names in the role column? Or something else?

Then to give access to records in a table, do I need to make the company (or role) column an owner? And do I need to add a second column with our internal company name, and then combine them into an array column and make it the owner?

You see, I’m very confused. So any guidance, example apps, videos where someone implemented exactly this, I would be grateful. Thanks!

You can use whatever you want. Just make sure it’s a value that’s not going to change in the future. Once the Role and Row Owner values no longer match, then nobody will have access to the data.

Yes

Multiple columns can become Row Owner columns. You are not restricted to one column. Assign the company column as a row owner and create another column for your Admins as a row owner. An array is not necessary, and would not work anyway, because it’s a computed value that’s computed on the end user’s device.

2 Likes

Thank you @Jeff_Hager! I got it working as you suggested. I assigned roles to the Company column for my users. Then I made the company column an owner on a relevant table. Then I added another column of admin emails and set it as an owner too. :+1: :pray:

Next question:

How can I pass through those permissions to related tables? Or do I need to create separate owner tables on every one? That would mean I need to use automations and update forms to include that info. Or do you have another approach?

You need row owner columns in all tables where you want to protect data. Ideally you would set it up so those row owner columns are populated when each row is added.

1 Like

Yes, you will need row owner columns in each table where the company data needs to be isolated.
These column values can be populated when new rows are added (as column values or user profile values).

Emails, as in plural?
A joined list of emails won’t work as a row owner value. It needs to be either a single email address, or a role value (text string). For your use case, I would give all admins an “Admin” role, and then use that as a row owner value in other tables (rather than email addresses).

1 Like

Thanks @Darren_Murphy . Follow up question: how do I structure roles and companies in combination if I can only assign one user column for roles?

Before I answer that question, can you tell me what your Data Source is please?

Glide table

Okay, so unfortunately with Glide Tables you are limited to one role per user. At least for now. Hopefully that will change in the future, but for now that is what it is.

So you need to choose. Are you wanting to give your Admin users multiple roles?
It might not be necessary, because you can have multiple Row Owner columns.
So in the example of your Data Tables, you might have two owner columns - one for the Company ID, and one for Admins. You put the “Admin” value in every row in the Admin owner column, and the Company ID in the appropriate rows based on Company.

I hope that makes sense, but I think it will get you what you need?

1 Like

So, to clarify, in the User sheet, I have two columns, one with Role and one with Company. I assign the Admin role to anyone in my company. For users in other companies, I put their company name in the Company row - do they need anything in the Role row (e.g. Customer)?

Then in my data table, I create two owner columns, one for Company and one for Roles, and I put the company name in the former and ‘Admin’ in the latter?

No, not exactly.
You would need an entry in the Role column for every user.
For those in the parent (your) company, it would be the word “Admin”.
For everyone else, it will be their company identifier. It could be the Company Name, as long as it’s unique and doesn’t change. But it would be better to use a CompanyID - which could be the RowID from your Companies table. That’s the best choice, as it’s guaranteed to be unique, and will not change.

Correct.
Admin in one, and whatever you’ve used for the Company Identifier (Role in the Users table) in the other.

2 Likes
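The two-owner-column layout settled on above, modelled as an added example (not code from the thread or from Glide). It assumes a row is visible when the signed-in user's email or role exactly equals the value in any Row Owner column; the users, company IDs and table rows are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    email: str
    role: str  # one role per user, as the thread describes for Glide Tables

# Constructed sample data; "cmp_abc" / "cmp_xyz" stand in for Companies-table RowIDs.
FRANCINE = User("francine@abc.example", "cmp_abc")
XAVIER = User("xavier@xyz.example", "cmp_xyz")
STAFF = User("staff@portal.example", "Admin")
USERS = [FRANCINE, XAVIER, STAFF]

OWNER_COLUMNS = ("company_owner", "admin_owner")
ORDERS = [
    {"id": 1, "company_owner": "cmp_abc", "admin_owner": "Admin"},
    {"id": 2, "company_owner": "cmp_xyz", "admin_owner": "Admin"},
    # Company name stored where the role value (the company ID) was expected.
    {"id": 3, "company_owner": "ABC Company", "admin_owner": "Admin"},
    # Joined list of admin emails instead of a single email or a role value.
    {"id": 4, "company_owner": "cmp_abc",
     "admin_owner": "staff@portal.example, boss@portal.example"},
]

def can_see(user, row, owner_columns=OWNER_COLUMNS):
    """Assumed rule: exact match of email or role against any owner column."""
    identities = {user.email, user.role}
    return any(row.get(col) in identities for col in owner_columns)

def visible_ids(user, rows):
    """Row ids the given user would be allowed to read."""
    return [row["id"] for row in rows if can_see(user, row)]

def orphaned_owner_values(users, rows, owner_columns=OWNER_COLUMNS):
    """Owner cells matching no user's email or role: they grant access to nobody."""
    known = {u.email for u in users} | {u.role for u in users}
    return [(row["id"], col, row[col])
            for row in rows for col in owner_columns
            if row.get(col) not in known]

if __name__ == "__main__":
    for user in USERS:
        print(user.email, "->", visible_ids(user, ORDERS))
    for finding in orphaned_owner_values(USERS, ORDERS):
        print("orphaned owner value:", finding)
```

Running `orphaned_owner_values` over an export of each protected table is a quick way to find rows where the owner value has drifted from the role value and no longer grants anyone access.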

Ah, I see. So both rows in the data table point to Roles. Now I think I understand and will give it a try!

Haha! It’s working! Thank you so much @Darren_Murphy and @Jeff_Hager !

2 Likes

Brilliant!

It does take a little while to get your head around this, so if you’re finding it a bit confusing don’t be concerned. You are not alone :slight_smile:

1 Like

@Darren_Murphy, I’m having an issue on another table to which I added these two columns. On form close, I created an action that adds ‘Admin’ to the Admin column and the company name to the Company column, but on add the app is putting the user email in both columns instead. How to fix this?

Sounds like you’re using an onSubmit action?

That can sometimes work, but it’s not the best way to do it. What you should do is pass them as column values with your form. You should be able to pick them up from your User Profile row. On your form screen, add two extra components, and choose “Values from User Profile” (see below). Just make sure that you point them at the correct columns.

Thanks @Darren_Murphy, I’ve added both Role and Company from the user profile and pointed them to the owner columns Admin and Company, respectively. It writes the company name in correctly, but how do I get it to overwrite the user’s role to enter Admin in the Admin column?

ahhh - I think you need an extra Row Owner column in your User Profiles table.
Assuming that your Admin users should be able to see all other users - yes?
So add one more basic text column, make it a Row Owner, and put the word “Admin” in every row.
This will kill two birds with one stone:

  1. It will give your Admin users access to all rows in the Users table, and
  2. You’ll be able to use it as a column value with your form.

1 Like

Ok, I think this is working. I had a bit of a bug there where nothing was showing up, though the data were entered correctly in the form and table. But then started appearing. I will do more testing to be sure.

Looks like a bug or delay in changing user views, but otherwise everything working! Awesomesauce, thank you again, I’m so excited!!

:pray: :pray: :pray:

2 Likes