We use a 3rd-party REST API as a resource for multiple queries. The API is mainly intended to be used for server-to-server interaction, so there is only one set of authorization credentials (basic auth using client id and client secret). Therefore, we can only create a single retool resource to interact with it.
The problem is that we need to restrict the use of each of those queries based on user group. While we can restrict resources by user group, we can’t restrict individual queries by user group.
Hey @charleskoehl and sorry for the delay! That’s correct, we don’t currently support query based permissions, but it’s definitely something we’re thinking about.
Hey @charleskoehl - you could possibly build a lightweight wrapper rest API that supports end user authentication and calls out to this 3rd-party API and do all your security checks within that lightweight API? Just an idea until retool offers something like this?