circle-info
Join our weekly
Office Hoursarrow-up-right
search
Join Office HoursAsk the CommunityHire an ExpertLoginSign up

Permissions vs Visibility vs Filters

Understand when to use permissions, visibility rules, or filters for access control

Understanding the differences between permissions, visibility rules, and filters is crucial for building secure and user-friendly Noloco apps. Each method serves different purposes and provides different levels of security.

hashtag
Security Comparison Overview

Method
Security Level
Scope
Performance Impact
Best For

Permissions

πŸ”’ High

API/Database

Low-Medium

Sensitive data protection

Visibility Rules

πŸ”“ Medium

UI Components

Low

User experience optimization

Filters

πŸ”“ Low

Data Display

Low

Data organization

hashtag
Permissions (Database/API Level) πŸ”’

hashtag
What They Do

  • Control data access at the database level

  • Apply to all app interactions (UI, API, mobile)

  • Completely prevent unauthorized access to records/fields

  • Work even when data is accessed programmatically

hashtag
Where to Configure

Data & API tab > Table hover > Permissions icon πŸ›‘οΈ

hashtag
Security Level: HIGH βœ…

Data never reaches unauthorized users - it's filtered at the server level.

hashtag
When to Use Permissions

  • Sensitive data: Financial information, personal details, confidential notes

  • Multi-tenant apps: Different organizations shouldn't see each other's data

  • Client portals: Clients should only access their own information

  • Role-based data access: Different job functions need different data access

  • Compliance requirements: Legal or regulatory data protection needs

hashtag
Example Use Cases

  • Healthcare app: Patients only see their own medical records

  • CRM: Sales reps only access accounts in their territory

  • Project management: Team members only see assigned projects

  • Financial app: Users only see accounts they own or manage

hashtag
Visibility Rules (UI Level) πŸ”“

hashtag
What They Do

  • Control what UI elements users can see

  • Hide/show pages, components, buttons, and sections

  • Improve user experience by decluttering interface

  • Data is still accessible if users know the direct URL/API endpoint

hashtag
Where to Configure

Build mode > Select page/component > Visibility tab

hashtag
Security Level: MEDIUM ⚠️

Improves UX but doesn't provide true data security.

hashtag
When to Use Visibility Rules

  • UI simplification: Hide irrelevant pages from certain user types

  • Role-based navigation: Show different menu options to different roles

  • Progressive disclosure: Show advanced features only to power users

  • Branding differences: Different UI for internal vs external users

hashtag
Example Use Cases

  • Hide admin pages from regular users

  • Show different navigation menus to clients vs staff

  • Hide advanced features from basic users

  • Display role-specific dashboards

hashtag
Filters (Display Level) πŸ”“

hashtag
What They Do

  • Control which records appear in specific views

  • Organize and focus data display

  • Provide user-friendly data organization

  • Data is still accessible through other views or direct access

hashtag
Where to Configure

Build mode > Select view > Configuration tab > Filters

hashtag
Security Level: LOW ⚠️

Purely for display organization - not security.

hashtag
When to Use Filters

  • Data organization: Show active vs inactive records

  • User convenience: Default to relevant data subsets

  • Workflow optimization: Show records by status or priority

  • Performance: Reduce large datasets to manageable views

hashtag
Example Use Cases

  • Show only active projects by default

  • Filter products by category

  • Display recent orders first

  • Show tasks assigned to logged-in user

hashtag
Combining All Three Approaches

For comprehensive access control, use all three methods together:

hashtag
Layer 1: Permissions (Foundation Security)

  • Set up secure record and field access

  • Ensure sensitive data is properly protected

  • Create role-based data boundaries

hashtag
Layer 2: Visibility Rules (User Experience)

  • Hide irrelevant UI elements

  • Create role-specific navigation

  • Simplify interface for each user type

hashtag
Layer 3: Filters (Data Organization)

  • Organize data display for usability

  • Set helpful defaults for each view

  • Improve performance with focused data sets

hashtag
Decision Framework

hashtag
Choose Permissions When:

βœ… Data contains sensitive information βœ… Different users should have fundamentally different data access βœ… You need API-level security βœ… Compliance or legal requirements exist βœ… Building multi-tenant or client-facing apps

hashtag
Choose Visibility Rules When:

βœ… You want to improve user experience βœ… Different roles need different UI elements βœ… You want to hide complex features from basic users βœ… Creating role-specific navigation

hashtag
Choose Filters When:

βœ… You want to organize data display βœ… Users benefit from focused default views βœ… You need to improve app performance βœ… Data organization enhances workflow

hashtag
Real-World Examples

hashtag
Example 1: Healthcare Patient Portal

Permissions:

  • Patients only access their own medical records

  • Doctors access patients in their care

  • Billing staff can't see medical details

Visibility Rules:

  • Patients see simplified navigation (appointments, bills)

  • Doctors see clinical tools and patient management

  • Admin staff see system management tools

Filters:

  • Show upcoming appointments by default

  • Filter medications by active status

  • Display recent test results first

hashtag
Example 2: Project Management Tool

Permissions:

  • Team members only see assigned projects

  • Clients only see their company's projects

  • Managers see their team's projects

Visibility Rules:

  • Hide admin settings from team members

  • Show different dashboards for managers vs contributors

  • Hide time tracking from clients

Filters:

  • Show active projects by default

  • Filter tasks by priority or due date

  • Display recent activity first

hashtag
Example 3: E-commerce Admin Panel

Permissions:

  • Sales staff can't edit pricing

  • Customer service can't see financial reports

  • Warehouse staff only see inventory data

Visibility Rules:

  • Hide financial pages from non-finance roles

  • Show different menu structures per department

  • Hide advanced features from basic users

Filters:

  • Show pending orders by default

  • Filter products by availability

  • Display recent customer inquiries

hashtag
Best Practices for Combined Approach

hashtag
Start with Security (Permissions)

  1. Identify sensitive data and access requirements

  2. Set up proper permissions first

  3. Test security thoroughly before adding other layers

hashtag
Enhance Experience (Visibility)

  1. Add visibility rules to improve user experience

  2. Hide irrelevant pages and components

  3. Create role-appropriate navigation

hashtag
Organize Data (Filters)

  1. Add filters to improve data usability

  2. Set helpful defaults for each user type

  3. Focus views on most relevant information

hashtag
Testing Strategy

  1. Test permissions first: Ensure security is solid

  2. Add visibility gradually: Test each visibility rule

  3. Optimize with filters: Fine-tune data organization

  4. Test complete user journeys: Verify the full experience works

circle-exclamation

Security Reminder: Never rely solely on visibility rules or filters for protecting sensitive data. Always use permissions as your primary security mechanism, then layer on visibility and filters for better user experience.

hashtag
Quick Reference Checklist

hashtag
For Sensitive Data: βœ… Permissions Required

  • User personal information

  • Financial data

  • Confidential business information

  • Multi-tenant data separation

hashtag
For User Experience: βœ… Visibility Rules Helpful

  • Role-specific navigation

  • Feature complexity management

  • Interface customization

  • Workflow optimization

hashtag
For Data Organization: βœ… Filters Useful

  • Large dataset management

  • Workflow-based views

  • Performance optimization

  • User convenience features

PreviousField-level permissionsNextPermissions Troubleshooting

Last updated

Was this helpful?