Is there a way to let a user use a resource only as a viewer, but not let them use it as an editor?

💬 App Building
1

Right now I'm having an issue where I've essentially become the bottleneck for all Retool work within my company because I can't find a secure and safe way to delegate access. We have certain users, for example, our data scientist, who use many of our apps as viewers, but would also like to be able to create apps of their own. The problem is, the apps they use as viewers rely on our production DB resource, so I have to grant them "Use" access to our production DB to use those apps. But if I then give them edit access on a specific app (even one that I haven't explicitly added the prod DB resource to), they can now add that resource themselves and run their own custom queries against it (and potentially alter/delete/steal/leak data either erroneously or intentionally). Is there a way to let a user "use" a resource only as a viewer, but not let them use it as an editor? Or are there other approaches here to make it more safe to delegate access to team members?

2

Hi @Alex_Long :wave: thank you for writing in and explaining your situation. Retool's permissions give a lot of power but come with some complexity.

Apologies in advance if I did not fully recreate your situation, but here is what I just tested and seems to be similar to what you're trying to achieve:

  • I have a user ("Merry Manager") who is in a group that has the following permissions
    • Apps:
      • Use "An app with a postgres query" (which has a query using resource "Sensitive postgres db connection")
      • Own "Merry Manager's Apps"
    • Resources:
      • Use "Sensitive postgres db connection"
      • Own "Merry Manager's Resources"
  • When I login as the "Merry Manager" user...
    • I can see "An app with a postgres query", access it in view-only mode, and the resource successfully executes
    • I can create a new app in the "Merry Manager's Apps" folder and create a query with the "Sensitive postgres db connection" resource however one cannot write SQL or make a query using GUI mode, so they are effectively locked out of using that resource in this app they have Own access to.
      • The one caveat to be aware of is that this user will be able to see the schema (tables, column names, and column types). I've proactively filed a feature request to see if this can be changed. We do need to think about backwards compatibility, etc. though.

Here's a quick GIF of demonstrating Merry Manager's UX for the last few bullet points above:

gif

I hope this helps and allows you to confidently and securely share app building responsibilities!

Another feature to consider making use of which will provide complete isolation of builders from each other is Retool Spaces

1 Like