After upgrading to Plus plan, non-admin user can still access everything

Hi all,
Maybe I'm not getting this.
Before adding cc information and selecting Plus plan, I created a new group X and added a single user Y to this group.
There is one admin user in the default admin group (not this Y user).
There are no users in the edit or viewer groups.
The All Users group is set to "Custom set per-app" and all apps are set to "no-access".
The newly created custom group X contains only this single user Y.
Group X is set to "Use all apps" (eye symbol checked in radio buttons).
We then selected the plus plan and added billing information.
I expect that user Y should NOT see the "edit" button or be able to access "settings" or "resources" but they can do both. I have tried logging out and logging back in in incognito window to no avail.
As far as I understand the Plus plan should include this "End-user mode". Somehow I am missing something.
This is really important to us as we can't release any apps without "End-user mode".
Thanks for your help.

Ok so reading the page it says:
What’s creator mode, and what’s end-user mode?
When you build your app, you’re in creator mode. Creator mode lets you change queries, move buttons around, etc. Generally, this is the mode engineers are in.
End-user mode is meant for end-users, who don’t need to modify SQL queries or change the placement of buttons. You typically don’t want your end-users modifying apps, so you want to give them in end-user mode.
End-user mode is available on the Plus plan and above, and access controls are available on the Pro plan and above.
I guess the groups stuff does not apply to me but how do I make a user “End user” and not “creator”?

@philip-murphy-x24 thanks for reaching out and apologies for our delay.
The plus plan includes “unrestricted end user mode” which means that your user can switch between editor mode and end user mode, however you cannot restrict someone to only have end user mode (hence the term “unrestricted”). They will be able to change between end user mode and editor mode freely.
The pro plan allows for “granular access controls” which means that you can restrict users’ access to only certain apps and also to only access them via end user mode.
I hope that clarifies things for you. I’m sorry for the confusion on the pricing page! This is something that we’ve gotten mixed feedback on and will be clarifying soon.

Ah my mistake, didn’t catch the subscription feature difference. @alex, Is there a visual difference on the permissions page between Plus and Pro accounts? How Philip has the permissions set up sounds like the same options and toggles as when I want to accomplish the same thing on my Pro account.

Thanks for the feedback guys. I appreciate it. I’m afraid the pricing page is very misleading so. To me “unrestricted end user mode” doesn’t mean that the end user can also be an editor. It means I am unrestricted by the billing plan. If I wanted to indicate that the end user could also edit I would state “no restricted end user mode” rather than “unrestricted end user mode”. I feel the difference then would be crystal clear.
@alex-westreich the options are seemingly identical for the free/plus plans and the pro plan however there is a warning box that granular permissions are not part of the plus plan, which is fair enough but I understood that “granular permissions” mean “per-app” permissions, ie far more granular than simply preventing end users from messing around with the app or heaven forbid the databases it connects to. It means in fact “any form of restriction” of the end user’s behaviour except being able to change billing plan it seems. The confusion arises because:

  1. The Plus plan’s description of “unrestricted end user mode” is IMVHO misleading though I am sure not intentionally so.
  2. The system allows you to configure stuff that your billing plan doesn’t allow (albeit with a warning). This is clearly a marketing tool so users see and can interact with a feature they can upgrade to. I think it would be fairer to let users on free and plus plans see the feature but not interact with it and certainly not have a “save” button that saves settings that never do anything. At least the save button should be grayed out with a dialogue explaining why.
    We cannot have “end users” being able to modify database tables and add users (they can also do this stuff it seems so we’ll be upgrading to a pro plan I guess. The software is great but some of your documentation really needs improvement if you don’t mind me saying.
    Best regards,

Yeah I just re-read the pricing page and it’s super misleading guys. Quote:
“You typically don’t want your end-users modifying apps, so you want to give them [sic] in end-user mode.
End-user mode is available on the Plus plan and above”
Anybody reading that would assume the Plus plan is enough to prevent end users modifying apps. That should be updated to reflect the reality.

Ok guys, we have upgraded to Pro and I have another question. When I am logged in with a non-admin user the access control is working (can’t see resources or access apps that are not enabled for me etc.), I can still hit the “add users” button and send invitations out to whomever I want. This is not the expected behaviour is it? How can I prevent an end user inviting new users?

@philip-murphy-x24 Lot’s of good comments and concerns here, I’d agree that even on the Plus plan you should be able to limit the organization-wide permissions of users if not on an app-by-app basis. That should include adding users, because that would automatically add them to your billing plan IIRC.

The “Public Apps” feature of the Pro plan is pretty useful for separating users into a third category-ontop of Editors and Internal Users- as External/As-Needed Users. That feature lets you publish the app to a shareable link, which anyone opening it will load the end-user version of the app with no connection to the retool login system or admin tools.

Just wanted to share a quick plan name update here - in this thread, Pro was the previous name of our current Business plan and Plus was the previous name of our current Starter plan!

The information still holds true otherwise.

Business (fka Pro) and our Enterprise plans allow granular permission settings: User permissions

Is "end user" mode not available on the Team Plan? :thinking:

Hey @Lee_P! AFAIK, "End user" mode or Preview mode should be available on the Team Plan. However, the ability to restrict certain users to Edit vs Preview mode is only available on the Business and above.

This is suuuuper confusing.

I actually don't understand how you'd make a team member an "end user" under the team plan... it seems to me you can't actually restrict someone from editing the app in the team plan? And if so, why would the pricing plan show a cheaper option for "end users" which would lead me to believe you could have users who aren't allowed to make edits to the app.

IMO this pricing plan is just going to confuse all your users unless you either remove the end user from the team plan, or have some sort of built in permission to designate an "end user" in the team plan.

I find it easier to think of it retrospectively:
How many users were editing apps this month = standard users
How many users were viewing apps this month = end users
I budget for how many I think will edit + how many will view them.

It's less about fine grained permissions and access controls (you want the next tier up for that) and more about billing management and a more appropriate pricing model.
Previously every user would be billed at the higher rate. The new model is more balanced, imo.

1 Like

Thanks that's a helpful way of putting it. I eventually came to this understanding, but not after first trying to test out the team plan. Perhaps just some more clarification in the pricing plan is all that is needed