Limit what users can do: configuring a permission rule

In Stacker, it is possible to limit which records a user can see, edit and create by setting up permission rules.

You can create permission rules for specific tables in your data source. These rules will limit how your users interact with your data.

If you've not done so already, enable permissions for the relevant table. Once permissions are enabled, you're ready to configure your permission rules.

How to add or edit a permission rule

Stacker creates a default permission rule as soon as you enable permissions on a table. You can edit this default rule by clicking the pencil icon. You can also add a new permission rule by clicking '+Add permission rule' in the top right of the Permissions settings window.


Assigning permission rules to User Roles

When creating a new permission rule, you must select which Role this will apply to. If you're not using custom User Roles, then you will only be able to select the default 'User' Role. This means that all users in your app will be given the same level of access.

If you are using custom User Roles, you can choose to apply a permission rule to one or more of these Roles.

By creating multiple permission rules and applying each one to different User Roles, you can give your users different permissions based on their Role.

Limit which records users can see

A permission rule can be used to determine which records a user has access to.

You can grant access to all records in a table, or limit which records users can access.

If you choose to limit access, a permissions filter is used to determine which records are available to each user. The format of these filters is based on a single condition that must match between the record and a user's record.

For example, if you want users to only see projects that they are assigned to, your permission rule would take the format "Can access record only if: 'Project' matches 'User Profile → Projects assigned to'".

For rules of this kind to work in Stacker, you need to make sure there are links between records in your data source.

Table-level permissions

When creating a permissions rule, you can decide if you want to allow users to edit or create records from that table.

For example, you may wish to prevent edit access for your Customers on records such as their invoices.

These toggles are global: for example, if the edit toggle is off, users will not be able to edit any fields in the records.

If you want to restrict read/edit/create ability only for particular fields in the record, read on.

Field-level permissions

In Stacker you can create granular permissions which control user access down to the level of individual fields.

For every field enabled in your table, you can choose whether your users will be able to read the field, edit the field value or set the field value (while creating a record).

Stacker automatically prevents combinations that don't make sense: for example, you can't edit data that you can't read.

To configure granular permissions, turn off the "Can access all fields" toggle when editing a permission rule. You can then choose what users can do with each field.


Then adjust the toggles in the 'Read', 'Update' and 'Create' columns to control exactly how the user can interact with each field.
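
The layers described in this article (Role, record filter, table-level edit toggle, field-level 'Read' and 'Update' toggles) can be modelled as the added Python example below, which is not Stacker's own code. The data shapes, the function names, the reading of 'matches' as "the two linked values share an entry", and the deny result for a Role with no rule are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class FieldPerm:
    read: bool = False
    update: bool = False
    def __post_init__(self):  # the article's example of a disallowed combination
        if self.update and not self.read:
            raise ValueError("a field cannot be editable without being readable")

@dataclass
class Rule:
    roles: set
    record_field: Optional[str] = None  # None models access to all records
    user_field: Optional[str] = None
    can_edit: bool = False              # table-level edit toggle
    fields: Optional[dict] = None       # None models "Can access all fields"

def _as_set(value):
    value = [] if value is None else value  # an empty link never matches
    return set(value) if isinstance(value, (list, set, tuple)) else {value}

def can_access(rule, user, record):
    if user["role"] not in rule.roles:
        return False  # assumption: a Role without a rule gets no access
    if rule.record_field is None:
        return True
    # Assumption: "matches" means the linked values share at least one entry.
    return bool(_as_set(user.get(rule.user_field))
                & _as_set(record.get(rule.record_field)))

def readable_view(rule, user, record):
    if not can_access(rule, user, record):
        return None
    return {k: v for k, v in record.items()
            if rule.fields is None or rule.fields.get(k, FieldPerm()).read}

def can_update(rule, user, record, name):
    if not (can_access(rule, user, record) and rule.can_edit):
        return False  # table-level toggle off blocks every field
    return rule.fields is None or rule.fields.get(name, FieldPerm()).update

# Constructed sample data: one rule, one user, two records.
RULE = Rule({"User"}, "Project", "Projects assigned to", can_edit=True, fields={
    "Project": FieldPerm(read=True),
    "Status": FieldPerm(read=True, update=True), "Budget": FieldPerm()})
ALICE = {"role": "User", "Projects assigned to": ["proj-1"]}
MINE = {"Project": "proj-1", "Status": "Open", "Budget": 9000}
OTHER = {"Project": "proj-2", "Status": "Open", "Budget": 500}
```

Running the same checks over a sample of real users and records is a quick way to confirm that a rule exposes only the rows and fields you intended.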
