Permissions vs Visibility vs Filters
Understand when to use permissions, visibility rules, or filters for access control
Understanding the differences between permissions, visibility rules, and filters is crucial for building secure and user-friendly Noloco apps. Each method serves different purposes and provides different levels of security.
Security Comparison Overview
Permissions | High | API/Database | Low-Medium | Sensitive data protection
Visibility Rules | Medium | UI Components | Low | User experience optimization
Filters | Low | Data Display | Low | Data organization
Permissions (Database/API Level)
What They Do
Control data access at the database level
Apply to all app interactions (UI, API, mobile)
Completely prevent unauthorized access to records/fields
Work even when data is accessed programmatically
Where to Configure
Data & API tab > Table hover > Permissions icon
Security Level: HIGH
Data never reaches unauthorized users - it's filtered at the server level.
When to Use Permissions
Sensitive data: Financial information, personal details, confidential notes
Multi-tenant apps: Different organizations shouldn't see each other's data
Client portals: Clients should only access their own information
Role-based data access: Different job functions need different data access
Compliance requirements: Legal or regulatory data protection needs
Example Use Cases
Healthcare app: Patients only see their own medical records
CRM: Sales reps only access accounts in their territory
Project management: Team members only see assigned projects
Financial app: Users only see accounts they own or manage
Visibility Rules (UI Level)
What They Do
Control what UI elements users can see
Hide/show pages, components, buttons, and sections
Improve user experience by decluttering interface
Data is still accessible if users know the direct URL/API endpoint
Where to Configure
Build mode > Select page/component > Visibility tab
Security Level: MEDIUM
Improves UX but doesn't provide true data security.
When to Use Visibility Rules
UI simplification: Hide irrelevant pages from certain user types
Role-based navigation: Show different menu options to different roles
Progressive disclosure: Show advanced features only to power users
Branding differences: Different UI for internal vs external users
Example Use Cases
Hide admin pages from regular users
Show different navigation menus to clients vs staff
Hide advanced features from basic users
Display role-specific dashboards
Filters (Display Level)
What They Do
Control which records appear in specific views
Organize and focus data display
Provide user-friendly data organization
Data is still accessible through other views or direct access
Where to Configure
Build mode > Select view > Configuration tab > Filters
Security Level: LOW
Purely for display organization - not security.
When to Use Filters
Data organization: Show active vs inactive records
User convenience: Default to relevant data subsets
Workflow optimization: Show records by status or priority
Performance: Reduce large datasets to manageable views
Example Use Cases
Show only active projects by default
Filter products by category
Display recent orders first
Show tasks assigned to logged-in user
Combining All Three Approaches
For comprehensive access control, use all three methods together:
Layer 1: Permissions (Foundation Security)
Set up secure record and field access
Ensure sensitive data is properly protected
Create role-based data boundaries
Layer 2: Visibility Rules (User Experience)
Hide irrelevant UI elements
Create role-specific navigation
Simplify interface for each user type
Layer 3: Filters (Data Organization)
Organize data display for usability
Set helpful defaults for each view
Improve performance with focused data sets
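The layering above can be checked with a small model. This is an added example, not Noloco code or part of the original page; the record fields, user roles and function names are hypothetical. It shows that a view filter and a visibility rule change only what the screen renders, while a request that skips the UI is limited only by the permission rule.

```python
# Constructed sample records for a client portal (not data from a real app).
RECORDS = [
    {"id": 1, "owner": "alice", "amount": 120},
    {"id": 2, "owner": "alice", "amount": 75},
    {"id": 3, "owner": "bob", "amount": 990},
]

# Hypothetical users: a client who owns records, and a guest who owns none.
ALICE = {"name": "alice", "role": "client"}
CAROL = {"name": "carol", "role": "guest"}


def server_query(user, permissions_on):
    """Data layer: rows the backend hands to ANY client (UI, API, mobile)."""
    if permissions_on:
        # Permission rule: a user may read only the records they own.
        return [r for r in RECORDS if r["owner"] == user["name"]]
    return list(RECORDS)


def screen(user, permissions_on):
    """What the built UI shows: visibility rule first, then the view filter."""
    if user["role"] == "guest":
        return None  # Visibility rule: the invoices page is hidden from guests.
    rows = server_query(user, permissions_on)
    # View filter: "show records belonging to the logged-in user".
    return [r["id"] for r in rows if r["owner"] == user["name"]]


def direct_request(user, permissions_on):
    """A request that skips the UI (known URL or API call): no rule, no filter."""
    return [r["id"] for r in server_query(user, permissions_on)]


def leaked_ids(user, permissions_on):
    """Record ids the user can read directly but does not own."""
    own = {r["id"] for r in RECORDS if r["owner"] == user["name"]}
    return [i for i in direct_request(user, permissions_on) if i not in own]


if __name__ == "__main__":
    for user in (ALICE, CAROL):
        for on in (False, True):
            print(user["name"], "permissions_on=%s" % on,
                  "screen:", screen(user, on), "leaked:", leaked_ids(user, on))
```

With permissions off, the screen looks correct for both users even though every record is readable by direct request; only turning the permission rule on empties the leaked list.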
Decision Framework
Choose Permissions When:
Data contains sensitive information
Different users should have fundamentally different data access
You need API-level security
Compliance or legal requirements exist
Building multi-tenant or client-facing apps
Choose Visibility Rules When:
You want to improve user experience
Different roles need different UI elements
You want to hide complex features from basic users
Creating role-specific navigation
Choose Filters When:
You want to organize data display
Users benefit from focused default views
You need to improve app performance
Data organization enhances workflow
Real-World Examples
Example 1: Healthcare Patient Portal
Permissions:
Patients only access their own medical records
Doctors access patients in their care
Billing staff can't see medical details
Visibility Rules:
Patients see simplified navigation (appointments, bills)
Doctors see clinical tools and patient management
Admin staff see system management tools
Filters:
Show upcoming appointments by default
Filter medications by active status
Display recent test results first
Example 2: Project Management Tool
Permissions:
Team members only see assigned projects
Clients only see their company's projects
Managers see their team's projects
Visibility Rules:
Hide admin settings from team members
Show different dashboards for managers vs contributors
Hide time tracking from clients
Filters:
Show active projects by default
Filter tasks by priority or due date
Display recent activity first
Example 3: E-commerce Admin Panel
Permissions:
Sales staff can't edit pricing
Customer service can't see financial reports
Warehouse staff only see inventory data
Visibility Rules:
Hide financial pages from non-finance roles
Show different menu structures per department
Hide advanced features from basic users
Filters:
Show pending orders by default
Filter products by availability
Display recent customer inquiries
Best Practices for Combined Approach
Start with Security (Permissions)
Identify sensitive data and access requirements
Set up proper permissions first
Test security thoroughly before adding other layers
Enhance Experience (Visibility)
Add visibility rules to improve user experience
Hide irrelevant pages and components
Create role-appropriate navigation
Organize Data (Filters)
Add filters to improve data usability
Set helpful defaults for each user type
Focus views on most relevant information
Testing Strategy
Test permissions first: Ensure security is solid
Add visibility gradually: Test each visibility rule
Optimize with filters: Fine-tune data organization
Test complete user journeys: Verify the full experience works
Security Reminder: Never rely solely on visibility rules or filters for protecting sensitive data. Always use permissions as your primary security mechanism, then layer on visibility and filters for better user experience.
Quick Reference Checklist
For Sensitive Data: Permissions Required
User personal information
Financial data
Confidential business information
Multi-tenant data separation
For User Experience: Visibility Rules Helpful
Role-specific navigation
Feature complexity management
Interface customization
Workflow optimization
For Data Organization: Filters Useful
Large dataset management
Workflow-based views
Performance optimization
User convenience features