Updating role - security

I have a choice that allows a user to update their role.
This is only visible for certain admin users in order to test certain new features in the app.

I’m guessing since this is hidden by a visibility condition, this isn’t the safest thing to do? And any user is able to go around this & change his role?

Even if I remove this component, how secure is it that a user is able to edit his role field in Glide?

If you have a component with a visibility condition based on user email (just for example), only the users with the correct condition will be able to see/use that component.

If you have two or three ‘top’ users that periodically need to upgrade to “admin mode” in order to test something, that seems reasonable and safe enough.

If you change that visibility condition for a user (downgrade them), then when the app updates on their end, they will no longer see that component.

That being said, it might be best to implement a ‘test mode’ flag in addition to your ‘admin’ flag and use that instead. In other words, don’t let the Admin flag pull double duty – it will be harder to separate them later after more development has been put into your App.

When you say Role, are you referring to the Role that’s configured as part of the User Profile configuration?

If yes, then you should be aware that it’s not possible to change that via the Glide User Interface.
You can create an action that changes it with a Set Column Values, and it will appear to change, but Glide will reverse the change as soon as the App syncs with the back end.

The only way to change it is either directly in the Data Editor, or by using the API.


Actually, that is what I have known for a while.
But yesterday I tried it again & I was able to change the role from my device!

In brief, the roles we use are not admin, user, etc.

This app is for our partners' shops, so our role is the partner name. The partner can only see rows assigned to the partner name.

We needed to create a test account to check an issue with 1 partner yesterday & although I knew roles were not supposed to change from a device, I thought of trying it.

I added a choice component that allows me to assign a partner name to the app user role. That way we can view the app as the partner we wish to test some features.

That’s weird. This is straight from the docs.

If it works, I would consider that a glitch.