Re: Managing user permissions

mtcsp_test · 11-17-2024 11:18 PM

For the life of me, I can't seem to figure this out, so I hope someone can really dumb this down for me.

I have an inventory management app. I'm the only one who can edit definitions/back-end, but I've added members of my organization to be able to use the app (add, edit inventory items). What I want is, to have the rest of my org be able to only VIEW the app (but they cannot add/edit items).

The default way of sharing the app with users only has "edit definition"/"view definition"/and "use the app" which doesn't serve my purposes and also requires me to add each person individually by email. This is a hassle when I need to search for and edit the roles of multiple people at once (ex. by department, by team, etc).

I saw some older solutions about creating a user table with all the emails and roles in columns, then I'm told to make a slice, but no tutorial goes beyond these 2 steps. What do I put in the slice? What expressions do I use and where? How do I reference the table/slice(?) in any of my other data/views/tables?

If anyone can point me to a really direct, step-by-step method for this, I'd really appreciate it, as I really don't understand it.... Or if there are any simpler solutions to managing user permissions, I'm all ears.

Thank you!

TeeSee1

One way you can try is to copy the app retaining the data (do not copy the data to keep the new read only app pointing to the same data source) , make all the tables READ-ONLY within the new app, delete actions that attempt to edit data and publish this to your read only users.

I did a brief test and it seems to work.

mtcsp_test

This means having 2 apps/2 different links (1 where things are editable and 1 where it's read-only)? I think it might cause confusion when sharing links and items within the organization, but thank you for the suggestion.

TeeSee1

2 apps linking to 1 data source.

Suvrutt_Gurjar

You may want to take a look at the following help article.

Control add, update, and delete operations - AppSheet Help

In general, one can control at table level which app users can only read the data from that table, which users can add and update and which users can only update and finally which users can delete the records through the above setting.

Additionally there are some very good tips on the topic that could help you.

SUMMARY TIP: User permissions, roles, and settings - Google Cloud Community

Flexible user role management - Google Cloud Community

mtcsp_test

Thank you for the links, I've checked them before.
With the first link, I need to put every "updates_only" user e-mail individually within the switch expression, which is difficult given the size of my organization and the number of people who I would like to grant "update" access.
I figure that managing users and assigning roles is easiest when it's done in a user table with a "role" column, so I was wondering how to have the expression reference a user table like that in a way that limits certain actions.

I saw the last link as being the closest to what I'm imagining, but am still really confused and wondering if there's a simpler way, as the roles I need to create don't require that many different permissions...

Steve

If you have only two access levels, you can use the two built-in roles: Admin and User. These are managed within the app editor:

Your users only need the Use app permission unless you intend them to use the app editor in any way (which you probably shouldn't).

I've added members of my organization to be able to use the app (add, edit inventory items). What I want is, to have the rest of my org be able to only VIEW the app (but they cannot add/edit items).

I imagine those who add and edit items would be given the Admin role while the rest would have the User role. You could then use an Are updates allowed? expression in each tables' settings to give Admin users add and update access and read-only access to everyone else.

IF(
  ("Admin" = USERROLE()),
  "ADDS_AND_UPDATES",
  "READ_ONLY"
)

If all or many of your users will have the same email domain name, you can give them all access by sharing the app with the domain:

See also: Control add, update, and delete operations, Share: The Essentials

mtcsp_test

Thank you for your reply.
I did consider this, as the If UserRole() expression seems to be the closest to achieving what I need, but Admins are able to edit definitions and the back-end, correct? I can't have that, so technically need 3 access levels:
Admins - few people, who can edit and view the backend
Users - a hundred people or so, can add and update items
Read only access - a few hundred people, the rest of the organization

Is it possible..?

Steve

@mtcsp_test wrote:

Admins are able to edit definitions and the back-end, correct?

Not if you follow the instructions I provided.

@mtcsp_test wrote:

Is it possible..?

Yes.

mtcsp_test

I did as you said! But I have a follow up question.
It seems like Read Only access users are able to make changes to forms, but Appsheet simply prevents them for trying to save or sync these changes due to the table settings.

While this technically solves my problem, is there a way to just hide the Add/Edit buttons/actions that are on my app, according to the user role?
I tried to put the IF expression you provided on the Action Settings > Behavior > "Only if this condition is true", but it didn't make the button/action disappear.

Thank you in advance for your guidance.

hakangida50

[SA Kullanici]=USEREMAIL()

BU KODU KENDİNİZE UYARLAYIP SORUNU RAHTÇA ÇÖZEBİLİRSİNİZ.

hakangida50

https://www.googlecloudcommunity.com/gc/AppSheet-Q-A/Admin-how-can-view-all-data/m-p/837486#M257612

Bu konunun altına eklediğim cevabı incelebilirsiniz. Umarım yardımcı olur.

Steve

@mtcsp_test wrote:

I tried to put the IF expression you provided on the Action Settings > Behavior > "Only if this condition is true", but it didn't make the button/action disappear.

Please post a screenshot of this configuration.