I have a user group set up where members of it can only "use" one particular app as end users.
But when they log in they have this welcome screen that gives them the ability to create a web app, access the database, etc... I don't want them being able to do any of this.
I see i can send a user on log in to a certain app, but if they hit Back to Home in the bottom left retool nav they get right back to this welcome screen.
BUT! Be careful - default users with no permissions to see anything can also navigate to the Query Library Tab and run arbitrary queries on any database that is connected. I tested this even when I have the Additional setting to force them to an App immediately on login. All they have to do is know that /querylibrary is the URL and there is no additional checking if they are admins or not. Haven't found if there's any other settings that can prevent this.
The other problem is that these limited users can also see your entire Users list complete with emails! It's still in the menu on the left when they go to Settings from their user menu.
I'm already doing this, but someone can get into things they shouldn't be in just by a few clicks in that lower menu. Honestly this is the main reason I opted for the business plan (Permissions) no reason to keep it at this point, I can get just about the same functionality needed in the free plan.
Hi @dru_nasty, I'm sorry you are dealing with this issue. I would love to help!
I created an app under a Business Plan, gave "Use" permission only to the "All Users" group, and also restricted their access to all apps but one. As you mentioned, users are able to navigate to the home page through the bottom left nav. However, they shouldn't be able to create an app or access "Resources". They should see the following error messages when they attempt to do so:
1. When trying to create a new app:
2. When trying to access resources:
I'll go over the setting for the behavior we are looking for:
Once logged into your "Admin" account, go to the settings of the organization. We can get there from the dropdown opened by clicking the Retool logo on the top left of the screen (if your are editing and app), or from our profile icon on the top right (if you are at the home page).
Although you may have a custom users group, the "All Users" group has edit access to all apps by default, this may be the root cause for our issue. Go to Permissions -> All Users -> Apps and select either "Use all" or "Define specific app access" if you need to restrict access to other apps.
Here is how that should look like:
This setting is possible with a Business plan or above. Completely removing the nav is only possible with an Enterprise plan.
I hope this helps restrict access to your end users, please let me know if you have any questions.
Thanks for that response, that's how i had my permissions set up originally. Honestly, I just checked it by logging in as a restricted users and what i see before is no longer there. No welcome screen, no top nav. So not sure if something changed since then or what, but it's the result i needed. Thank you.
