Secure Data Handling

Use this when:

  • Sensitive or private data should not be visible to all users.
  • You want to avoid exposing unintended records through APIs, exports, or reports.
    Example Use Cases:
    • A fitness app where each user should only see their own training sessions.
    • A company dashboard where employees can only see their own performance metrics.

User-Specific Data Views

Use this when:

  • You want to personalize the app experience based on user role, department, or ownership.
  • Different users or roles should see different subsets of data.
  • You’re building multi-tenant applications where users should not see other tenants’ data.
    Example Use Cases:
    • A CRM where sales reps only see leads assigned to them.
    • A school app where teachers can only view students in their classes.
    • An admin panel where different roles (admin, editor, viewer) have different data access levels.

Accessing Security Settings

1. Navigate to app security

Open your app workspace and go to the “Security” tab.

2. Access your security dashboard

  • In the security dashboard you can see a list of your application data entities.
  • Each entity shows its current security status: Public or Restricted.

3. Edit your security rules

  • Click on an entity to view or update its security rules.

Security Modes

  • Public Access (No Restrictions) - All users can access all records in the entity.
  • Restricted Access - Only users matching defined rules can access records.

Rule Types

When editing an entity’s security, you can define rules for:
  • Read Access
  • Write/Delete Access
Each rule can be one of:
  • No Restrictions
    All users can access records.
  • Creator Only
    Users can only access records they created.
  • Entity-User Field Comparison
    Compare a field in the entity (e.g., ‘Organization’) with a user property (e.g., user’s ‘Organization’).
    Example: Only users whose department matches the record’s department can access it.
  • User Property Check
    Restrict access based on a user property like ‘role’ or ‘email’.
    Example: Only users with the role “admin” can access records.

How to Add or Edit Rules

1. Choose access type

Switch between the Read Access and Write/Delete Access tabs.

2. Add rule

Click “Add Rule”, select a rule type, and complete the required fields.

3. Multiple rules

  • Add multiple rules if needed.
  • Access is granted if any rule matches (OR logic).

4. Custom write/delete rules

  • By default, these inherit from read access.
  • Click “Create Custom Write Rules” to define separate rules.

5. Remove rules

  • Click “Remove All Rules” to remove the entity’s security rules and make the entity public again.

Generated Rules (JSON)

All rules are shown as read-only JSON for transparency.

Example Scenarios

  • Public Entity: No rules set — all users have access.
  • Creator Only: Add a rule so users can only see their own records.
  • Department-Based Access: Match the record’s department field to the user’s department.
  • Admin-Only Access: Use a role check: only users with role = admin have access.
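
The rule types, OR matching and write/delete inheritance described above, modeled as an added example (not the platform's code and not its generated JSON). The dict shapes, the field names such as created_by, and the choice to treat missing values and unknown rule types as non-matching are assumptions of this sketch.

```python
# Hypothetical model of the rule semantics described on this page. The dict
# shapes and field names ("created_by", "department", "role") are assumptions
# for this example, not the platform's generated JSON.

def rule_matches(rule, user, record):
    kind = rule["type"]
    if kind == "no_restrictions":
        return True
    if kind == "creator_only":
        owner = record.get("created_by")
        return owner is not None and owner == user.get("id")
    if kind == "entity_user_field":
        # Compare a record field with a user property. A value missing on
        # either side never matches, so None == None cannot grant access.
        value = record.get(rule["entity_field"])
        return value is not None and value == user.get(rule["user_property"])
    if kind == "user_property":
        value = user.get(rule["property"])
        return value is not None and value == rule["equals"]
    return False  # unknown rule type: fail closed


def is_allowed(policy, action, user, record):
    rules = policy.get("read", [])
    if action in ("write", "delete") and "write" in policy:
        rules = policy["write"]  # custom write/delete rules replace inheritance
    if not rules:
        return True  # no rules set: the entity is public
    return any(rule_matches(r, user, record) for r in rules)  # OR logic


def visible(policy, user, records):
    return [r["id"] for r in records if is_allowed(policy, "read", user, r)]


# Constructed sample data.
ALICE = {"id": "u1", "department": "sales", "role": "member"}
BOB = {"id": "u2", "department": "hr", "role": "admin"}
RECORDS = [
    {"id": 1, "created_by": "u1", "department": "sales"},
    {"id": 2, "created_by": "u2", "department": "hr"},
    {"id": 3, "created_by": "u3", "department": None},
]
DEPT = {"type": "entity_user_field", "entity_field": "department",
        "user_property": "department"}
ADMIN = {"type": "user_property", "property": "role", "equals": "admin"}
POLICY = {"read": [DEPT, ADMIN], "write": [{"type": "creator_only"}]}
```

Because rules are OR-ed, each added rule can only widen access: placing a No Restrictions rule beside a Creator Only rule makes every record readable.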

Visual Summary

  • Each entity card displays a summary of its current rules.
  • Icons and short descriptions indicate Read and Write/Delete settings.

Tips

  • You must create entities before configuring security.
  • Changes are saved per entity.
  • Always click “Save Security Rules” after editing.