Collection Permissions
Provide an extra layer of protection for sensitive data such as emails, names, or birthdays by setting up permissions on your collections!
Last updated
Provide an extra layer of protection for sensitive data such as emails, names, or birthdays by setting up permissions on your collections!
Last updated
Skill Level: Intermediate
Know the basics of Databases and how to set them up.
Know about conditional visibility.
Know about filters and conditions.
You do not need a paid Adalo plan to use this feature.
Setting up permissions on Collection data provides some extra protection of sensitive information and is quite easy to do!
Updating collection permissions is different from just hiding this information from users by using visibility rules. Instead of just hiding the information, the data is not even served to the users device from the database.
1. Click on the database icon in the left menu of the Adalo Builder.
2. Click on your Users collection, then choose Records
3. In the top right corner of the records popup, click on the Shield and Key icon
4. On this screen, you can select different properties in the User collection and change who can View and who can Edit that particular property. Note that no one is able to view the password property - not even the owning user.
5. Under the View and Edit dropdowns you have a few options to choose from:
Everyone - This allows any user to view or edit the property if your app is designed for them to do so.
Only Logged In Users - This allows only users who are logged into your app to view or edit a property if your app is designed for them to do so.
Only the Record Creator - This means that only the user with the email listed on the user record can view or edit the property if your app is designed for them to do so.
Nobody - This data will not be accessible to anyone outside of the Adalo Builderil Database UI.
6. Once finished editing the permissions, click Save and Close in the bottom right of the popup.
2. Click on the more button next to the Database Collections heading.
3. On this screen, you can select how these collections will handle the creation of new records, who can view those records as well as who can update & delete those records.
4. These dropdowns provide the following options to choose from:
Everyone - This allows anyone to perform that action
All Logged In Users - This allows any user that is currently logged in to perform that action.
Some Logged In Users - This allows only certain user-related properties to perform that action. See the requirements below.
Nobody - No one can perform that action
Some Logged In Users requirements A relationship property to the User Collection must be set up in that collection in order for this to be an option in this dropdown list.
This feature is currently limited to a relationship depth of 2. Meaning a relationship of a relationship can be used but no further. Each related property should have the toggle set to 'checked' in order to be active.
Applying permissions to relationships is only currently possible for relationships to the User Collection. Improvements to extend this functionality are planned on the roadmap.
Rules based on properties in Other collections are currently not possible and is a planned feature for the future.
This feature is completely optional but can help provide extra safeguards for sensitive user data.
This feature is retroactive for the User's collection. The Email, Username, Full Name, and Password will only be able to be changed by the owning user by default. For instance, john@test.com can only edit his own email, username, full name, and password. You as the app maker, can however, change these default permissions if you want to.
If you need additional help with this article, you can always ask in our community forum! Be sure to paste the link to this article in your post as well!
Do you have a tutorial or help doc request? Let us know!
1. Click on the database icon in the left menu of the Adalo Builder.
