Resource 'User' able to edit resource

💬 Queries and Resources
1

I'm running into an issue with the Retool permission system. I wonder if anyone can help?

Here are the details:

  • I have a role configured called: developer

  • I have a resource configured called: dynamic-statement-resource

  • I have an app called example_app

  • The developer role has 'Edit' permissions to example_app, but only 'Use' permission on dynamic-statement-resource

With this setup I was expecting the users assigned to this role to be able to go into edit mode on the app and reconfigure queries for any resource other than dynamic-statement-resource. However, on testing it seems that users are able to add and edit queries which are aimed at dynamic-statement-resource, despite them not having edit permission on that resource.

Can you help fix the issue?

I'd like the developer role to be able to edit the app, but not add or edit queries with the dynamic-statement-resource.

Many thanks in advance!

1 Like
2

With edit permission on the app but read only permission on the resource, the user should see this message when trying to edit or creating new queries for that resource:

Screenshot 2024-10-09 at 1.36.19 PM
Screenshot 2024-10-09 at 1.36.19 PM753×435 27 KB

Check the permissions for the 'All Users' group. All users within an org are part of this group. I recommend removing access to all Apps, Resources, and Workflows for this group and setting up granular permissions for all other groups.

Screenshot 2024-10-09 at 1.39.44 PM
Screenshot 2024-10-09 at 1.39.44 PM753×210 17.6 KB

1 Like