Possible to check if the current user has permission to access a specific app?


Is there a way with JavaScript to check if the current user has access to a specific app? I would use this to hide certain links in the sidebar component that I share between apps using a module. I see that I have access to the current user groups, so I could implement it that way, but I'd prefer an explicit permission check against the app itself. That way I could use multiple groups to grant access to specific apps and I wouldn't have to worry about modifying my sidebar for each new group I create.

Thank you!

Hey @ffaubert!

If you have permissions set up to allow users from the 'production_users' group, for example, you could do something like this perhaps:

{{ !current_user.groups.find(group => group.name == 'production_users') }}

If this condition is in the component's Hidden field, it would hide the component if the user is not in the 'production_users' group!

Aside from that, this is a feature request that already exists internally so I'll keep you updated on its progress :slight_smile:

1 Like

Hi Victoria,

Any update regarding this feature request?

We need to be able to read the permissions object, to make the validations more dynamic, and not depend on changing them and updating the permissions, as it is a double work.


Hi @cejaramillof! As far as I can see there aren't plans to add more granular permission controls within an app right now (going based on the request Victoria mentioned). Would you mind describing your use case a bit more? Do you have any specific examples of validations in mind?

Hi @Kabirdas,

Basically, is to have an app with a sidebar or menu, in which I have a series of apps, and if the user has the group that has the perimso to see, show the button, if not hide it.

I see, the navigation component should dynamically display apps based on a user's permissions - that might be worth exploring to see if the tradeoff with UI customizability is worth it. If you find you need to use buttons or other components I would go with @victoria's workaround or something similar for the time being. Depending on how your permissions are managed it might be easier to keep a list of app-specific permissions using organization-wide preloaded JavaScript that you can reference but it would need to be updated manually e.g.:

(Where b9def380-ff8d-11eb-a90c-xxxxxxxxxxxx is the app UUID).

Do one of those solutions look like they could work?

Hi @Kabirdas In my retool i have 6 web app, now i need to give access for the certain app to the particular user only, for the other user the app should not be visible is there any code for that. In the below image i got the app uuid and i have some questions regarding the image

  1. In the preloaded java script what is user1@retool.com
  2. Hidden works for the component how it will be available for the app.

please help me regarding this issue and can you give me a detailed explanation about it.

Hey @gangaaram_tech!

To revoke permissions on an entire app there's a built-in UI that you can use to configure user permissions. Docs on that exist here!

In order to use it you'll need to be on the Business plan or higher.

I'm also interested in a way to build a side bar nav menu that could be filtered dynamically based on the current_user object. The nav component has a dynamic option, so logically I would want to put something like {{current_user.apps}} or however y'all decide.

Hey @Ian_Donaldson! Would you mind sharing a bit more context about what you're looking to build? What would you like to filter? I believe we actually do allow users to create a dynamic nav bar depending on the current_user!

I built a shared module that has our company branding and dynamically builds a navigation menu based on the users group access. When I look at the current_user object in our version of Retool (v2.117.3) I didn't see anything on the user object that says anything about their assigned groups.
Perhaps when we update our instance, this feature will be natively available?

Ah, I believe so! The current_user object has the groups property now :slight_smile:


Also, I’d definitely recommend upgrading in general! I think we’re at v3.30 now and have shipped a lot of exciting updates and bug fixes since v2.117.

With that said, a big version jump might cause parity issues so I recommend following these best practices:


And let us know if you get stuck anywhere!