I am working on embedding some Retool pages in an existing webapp accessed by both internal and external users.
The documentation states:
"If an email is specified and it matches that of an existing Retool user, Retool will update the user, its metadata, and permission groups."
which is fine for external users. However, for my internal users I'd like the ability to create embed URLs without modifying their existing groups. (Adding new ones like the "Embed" group is fine but I don't what are the existing groups at the time I call the API.)
Is there a way to achieve this? Or what solution would you suggest?
Hi @Thomas_Quenolle! Welcome to the community. Just to confirm, you're running a self-hosted instance on version 3.52, right?
I did some testing earlier today, as I previously wasn't very familiar with the role mapping that happens when generating an authenticated embed URL, and can confidently say that Retool does not touch the existing permission groups for a user that it recognizes either via externalIdentifier or userInfo.
The one thing I did notice is that it's possible to overwrite certain user data if there is ever a mismatch between the externalIdentifier and userInfo that gets passed in. As long as you are careful, this shouldn't be an issue and I think you can move forward safely!
Just to confirm, you're running a self-hosted instance on version 3.52, right?