User Roles & Permissions

Keep tight control over user access levels using User Roles & Permissions

Why Use Permissions? 🛡

Whether you're building an Internal Tool, a Client Portal or a Partner Portal, it's critical to control who has access to what information.

Permissions let you control what your users can see and how they can interact with data in your apps. You can use permissions to:

Limit which pages users can access
Limit which records a user can read, edit, create or delete
Hide sensitive fields from certain user types
Create secure multi-tenant applications

New to permissions? Start with our Permissions Quick Start Guide for a practical introduction.

Access Control Methods

Noloco provides three complementary approaches to control user access:

Method

Security Level

Purpose

Configuration

🔒 Permissions

High

Secure data access

Data & API tab

👁️ Visibility Rules

Medium

UI experience

Build mode

🔍 Filters

Low

Data organization

View configuration

Learn when to use each approach →

Permission Types

📊 Record-Level Permissions

Control which records users can access within a table.

Example: Sales reps only see accounts in their territory.

Set up Record-Level Permissions →

🏷️ Field-Level Permissions

Control access to specific fields within records.

Example: Hide salary information from non-HR staff.

Set up Field-Level Permissions →

User Roles

Built-in Roles

Noloco provides two default roles:

Team Admin: Full access for internal team members
User: Default role for external users (clients, partners)

Custom Roles

Create additional roles for complex access patterns:

Pro plan and above: Add unlimited custom roles
Role-based permissions: Each role can have different access levels
Multiple roles: Users can have multiple roles (permissions are additive)

Quick Setup Guide

1. Plan Your Access Model

Identify user types (Admin, Agent, Client, etc.)
Define what data each type should access
Determine required security level

2. Create User Roles

Go to Settings > User Roles
Create roles for each user type
Assign roles to users in the User table

3. Configure Permissions

Navigate to Data & API tab
Set permissions for each sensitive table
Test with "View as User" feature

4. Test and Refine

Use Testing as Other Users
Verify security and user experience
Adjust permissions based on testing

Permission Configuration Examples

Example 1: Client Portal Setup 🏢

Goal: Clients only see their company's data

User Roles:

Admin (internal)
Client (external)

Permissions:

Record-level: Company equals User's Company
Field-level: Hide internal pricing and notes from Client role

Testing: Use "View as" Client user to verify restricted access

Example 2: Real Estate Team Access 🏠

Goal: Agents only see assigned properties

User Roles:

Manager (full access)
Agent (limited access)

Permissions:

Record-level: Assigned Agent equals Logged in User
Field-level: Agents can't create properties or edit status

Testing: Switch between Manager and Agent views to verify differences

Advanced Permission Patterns

Multi-Tenant Applications

Each tenant's data completely isolated
User organization determines data access
Shared resources controlled by admin roles

Hierarchical Access

Managers see their team's data + their own
Multiple permission rules for complex reporting structures
Inherited permissions from organizational structure

Progressive Access Levels

Viewer → Editor → Admin permission progression
Feature access increases with role level
Training and onboarding-friendly structure

Plan Feature Availability

Permissions Plan Requirements

All Plans: Basic permissions and built-in roles

Pro Plan and Above:

Field-level CRUD permissions
Unlimited custom user roles
Advanced permission patterns

Troubleshooting

Having permission issues? Check our comprehensive troubleshooting guide:

Permissions Troubleshooting Guide →

Common Quick Fixes

Users can't see records: Check if permission rules exist for their role
Fields still editable: Verify field-level update permissions
Changes not applying: Test in incognito window and check role assignments

Best Practices

Security First

Start restrictive: Grant minimum necessary access
Test thoroughly: Use "View as User" extensively
Layer protection: Combine record and field permissions
Regular audits: Review permissions as your app evolves

User Experience

Clear communication: Users should understand access limitations
Consistent patterns: Similar roles should have similar access
Graceful degradation: Provide helpful messages for denied access
Performance consideration: Complex permissions may impact loading times

Maintenance

Document decisions: Keep track of permission logic
Version control: Test changes before production
User feedback: Monitor if permissions help or hinder workflows
Simplification: Consolidate rules when possible

🚀 Permissions Quick Start - Get started quickly
📊 Record-Level Permissions - Control record access
🏷️ Field-Level Permissions - Control field access
👥 Testing as Other Users - Validate your setup
🛠️ Permissions Troubleshooting - Fix common issues
⚖️ Permissions vs Visibility vs Filters - Choose the right approach

Remember: Permissions provide the foundation of secure access control. Always implement proper permissions before relying on visibility rules or filters for any security-sensitive scenarios.

PreviousPermissions Quick Start NextRecord-level permissions

Last updated 4 months ago

Was this helpful?

hashtagWhy Use Permissions? 🛡

hashtagAccess Control Methods

hashtagPermission Types

hashtag📊 Record-Level Permissions

hashtag🏷️ Field-Level Permissions

hashtagUser Roles

hashtagBuilt-in Roles

hashtagCustom Roles

hashtagQuick Setup Guide

hashtag1. Plan Your Access Model

hashtag2. Create User Roles

hashtag3. Configure Permissions

hashtag4. Test and Refine

hashtagPermission Configuration Examples

hashtagExample 1: Client Portal Setup 🏢

hashtagExample 2: Real Estate Team Access 🏠

hashtagAdvanced Permission Patterns

hashtagMulti-Tenant Applications

hashtagHierarchical Access

hashtagProgressive Access Levels

hashtagPlan Feature Availability

hashtagTroubleshooting

hashtagCommon Quick Fixes

hashtagBest Practices

hashtagSecurity First

hashtagUser Experience

hashtagMaintenance

hashtagRelated Guides

Why Use Permissions? 🛡

Access Control Methods

Permission Types

📊 Record-Level Permissions

🏷️ Field-Level Permissions

User Roles

Built-in Roles

Custom Roles

Quick Setup Guide

1. Plan Your Access Model

2. Create User Roles

3. Configure Permissions

4. Test and Refine

Permission Configuration Examples

Example 1: Client Portal Setup 🏢

Example 2: Real Estate Team Access 🏠

Advanced Permission Patterns

Multi-Tenant Applications

Hierarchical Access

Progressive Access Levels

Plan Feature Availability

Troubleshooting

Common Quick Fixes

Best Practices

Security First

User Experience

Maintenance

Related Guides