Darshan Hiranandani: Secure Data Display in Retool for External Users – Need Advice

Hello everyone,

I'm Darshan Hiranandani. We’re considering transitioning one of our frontends, which external users use to manage access to our product for their employees, to Retool. While I see great potential in using Retool for its ability to directly query the database and save time, I’m unsure about the best way to ensure data security, particularly when displaying company-specific data to users.

There are two main options I’m considering, but after reviewing the documentation, I’m still unsure which approach would be both secure and cost-effective.

The main challenge is ensuring that each logged-in user can only access their company’s data. One approach is to have the custom-built login process return the company ID(s), which can then be stored. However, I’m concerned about the security of options like local storage, cookies, or session storage, as users might be able to manipulate them. I attempted using a Retool “variable” to set the state, but I’m still not convinced that it’s secure enough.

Has anyone tackled this issue before? I’m also wondering whether it’s feasible to always go through my API to use an authorizer without sacrificing the time savings that Retool promises.

Additionally, when it comes to external users, I’m unsure about how to control which data they can access. I’m not talking about app-level permissions, which are straightforward, but more about restricting access to specific data.

Any advice or suggestions would be greatly appreciated!

Thanks in advance!
Regards,
Darshan Hiranandani

Hi @darshanhiranandani23, you could build this with External Applications and create Permission Groups to restrict access not just to Apps but to specific Resources as well.

Instead of using localStorage to distinguish companies, you could set User Attributes, which can be referenced at the app level with {{ current_user.metadata.<nameOfAttribute> }}, and use this Retool API endpoint to add/update those attributes.

However, if security and data privacy are your main concerns, the best practice for your use case is to implement Retool Spaces:

Retool Spaces is an organizational feature that allows you to split your Retool organization into multiple isolated ones, creating a multitenant experience. After enabling Retool Spaces, you retain your original organization as an Admin Space, and you can create any number of alternative spaces.

Each space has its own:

  • Subdomain
  • SSO configuration
  • Source Control configuration
  • User accounts and permission groups
  • Retool Database
  • Folders, apps, workflows, modules, queries, resources, etc.

This, however, is an Enterprise feature. If you would like to see the full potential of Retool on this plan, feel free to book a demo here.