User Roles & Permissions
Keep tight control over user access levels using User Roles & Permissions
Why Use Permissions?
Whether you're building an Internal Tool, a Client Portal or a Partner Portal, it's critical to control who has access to what information.
Permissions let you control what your users can see and how they can interact with data in your apps. You can use permissions to:
Limit which pages users can access
Limit which records a user can read, edit, create or delete
Hide sensitive fields from certain user types
Create secure multi-tenant applications
New to permissions? Start with our Permissions Quick Start Guide for a practical introduction.
Access Control Methods
Noloco provides three complementary approaches to control user access:
Permissions: High security; secure data access; Data & API tab
Visibility Rules: Medium security; UI experience; Build mode
Filters: Low security; data organization; View configuration
Learn when to use each approach
Permission Types
Record-Level Permissions
Control which records users can access within a table.
Example: Sales reps only see accounts in their territory.
Set up Record-Level Permissions
Field-Level Permissions
Control access to specific fields within records.
Example: Hide salary information from non-HR staff.
Set up Field-Level Permissions
User Roles
Built-in Roles
Noloco provides two default roles:
Team Admin: Full access for internal team members
User: Default role for external users (clients, partners)
Custom Roles
Create additional roles for complex access patterns:
Pro plan and above: Add unlimited custom roles
Role-based permissions: Each role can have different access levels
Multiple roles: Users can have multiple roles (permissions are additive)
Quick Setup Guide
1. Plan Your Access Model
Identify user types (Admin, Agent, Client, etc.)
Define what data each type should access
Determine required security level
2. Create User Roles
Go to Settings > User Roles
Create roles for each user type
Assign roles to users in the User table
3. Configure Permissions
Navigate to Data & API tab
Set permissions for each sensitive table
Test with "View as User" feature
4. Test and Refine
Verify security and user experience
Adjust permissions based on testing
Permission Configuration Examples
Example 1: Client Portal Setup
Goal: Clients only see their company's data
User Roles:
Admin (internal)
Client (external)
Permissions:
Record-level: Company equals User's Company
Field-level: Hide internal pricing and notes from Client role
Testing: Use "View as" Client user to verify restricted access
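The Example 1 rules, combined with the additive multi-role behaviour described under Custom Roles, modelled as a small server-side check. This is an added illustration, not Noloco's code; the role table, field names and sample records are assumptions constructed for the sketch.

```python
# Added illustration, not Noloco code: a conceptual model of Example 1's rules.
# ROLE_RULES, the field names and RECORDS are assumptions constructed for this sketch.

ALL_FIELDS = {"id", "company", "name", "internal_pricing", "notes"}

ROLE_RULES = {
    # Admin (internal): every record, every field.
    "Admin": {"record": lambda user, rec: True, "fields": ALL_FIELDS},
    "Client": {
        # Record-level rule: Company equals User's Company.
        "record": lambda user, rec: rec["company"] == user["company"],
        # Field-level rule: internal pricing and notes are hidden from Client.
        "fields": ALL_FIELDS - {"internal_pricing", "notes"},
    },
}

# Constructed sample data.
RECORDS = [
    {"id": 1, "company": "Acme", "name": "Order A",
     "internal_pricing": 900, "notes": "renewal risk"},
    {"id": 2, "company": "Globex", "name": "Order B",
     "internal_pricing": 400, "notes": "upsell"},
]


def read_records(user, records=RECORDS):
    """Return what `user` may read: deny by default, additive across roles."""
    visible = []
    for rec in records:
        allowed = set()
        for role in user["roles"]:
            rule = ROLE_RULES.get(role)  # unknown role grants nothing
            if rule and rule["record"](user, rec):
                allowed |= rule["fields"]  # each matching role only adds access
        if allowed:
            visible.append({k: v for k, v in rec.items() if k in allowed})
    return visible


def audit_wider_than(user, baseline_role, records=RECORDS):
    """Record ids where the user's combined roles expose more than baseline_role alone."""
    base = {r["id"]: set(r) for r in read_records({**user, "roles": [baseline_role]}, records)}
    return sorted(r["id"] for r in read_records(user, records)
                  if set(r) - base.get(r["id"], set()))
```

In this model a user holding both Client and Admin reads every record with every field, so a restrictive role removes nothing once a broader role is also assigned.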
Example 2: Real Estate Team Access
Goal: Agents only see assigned properties
User Roles:
Manager (full access)
Agent (limited access)
Permissions:
Record-level: Assigned Agent equals Logged in User
Field-level: Agents can't create properties or edit status
Testing: Switch between Manager and Agent views to verify differences
Advanced Permission Patterns
Multi-Tenant Applications
Each tenant's data completely isolated
User organization determines data access
Shared resources controlled by admin roles
Hierarchical Access
Managers see their team's data + their own
Multiple permission rules for complex reporting structures
Inherited permissions from organizational structure
Progressive Access Levels
Viewer → Editor → Admin permission progression
Feature access increases with role level
Training and onboarding-friendly structure
Plan Feature Availability
Troubleshooting
Having permission issues? Check our comprehensive troubleshooting guide:
Permissions Troubleshooting Guide
Common Quick Fixes
Users can't see records: Check if permission rules exist for their role
Fields still editable: Verify field-level update permissions
Changes not applying: Test in incognito window and check role assignments
Best Practices
Security First
Start restrictive: Grant minimum necessary access
Test thoroughly: Use "View as User" extensively
Layer protection: Combine record and field permissions
Regular audits: Review permissions as your app evolves
User Experience
Clear communication: Users should understand access limitations
Consistent patterns: Similar roles should have similar access
Graceful degradation: Provide helpful messages for denied access
Performance consideration: Complex permissions may impact loading times
Maintenance
Document decisions: Keep track of permission logic
Version control: Test changes before production
User feedback: Monitor if permissions help or hinder workflows
Simplification: Consolidate rules when possible
Related Guides
Permissions Quick Start - Get started quickly
Record-Level Permissions - Control record access
Field-Level Permissions - Control field access
Testing as Other Users - Validate your setup
Permissions Troubleshooting - Fix common issues
Permissions vs Visibility vs Filters - Choose the right approach
Remember: Permissions provide the foundation of secure access control. Always implement proper permissions before relying on visibility rules or filters for any security-sensitive scenarios.