Restrict Access By Environment

Hi @Tess,
How are you?

I can't drop down this option.
I need to tick the specified env option in the check box.
Please tell me about a solution.
Thanks.

Hi @Jomarie_Janer Thanks for reaching out! Hm, that is strange. I haven't been able to reproduce this issue yet. What version of Retool # are you on? Are you unable to drop down any options, or is it only impacting specific resources?

Thanks for the detailed update! Looking into this issue!

Hi @Doglas,

Are you still seeing this issue? I get a 404 as soon as I switch to an environment that I shouldn't have access to:

Any chance that user had prod access in a different permission group?

@Tess, I'll describe it here step by step:

  1. I set up a Dev user group (see image from my last post) with "Edit" access to staging and development environments only.

  2. I have associated this user group with a specific user and this user is only associated with this group and "All Users".

  3. Within an application, this user created a query in the staging environment and saved it.

  4. The user changed the current environment to production (which they do not have access to).

  5. In this new environment, the user will not be able to edit the query content or execute it. (that is good, but not enough)

  6. But... the user can press the "preview" button and finally run any query he wants in the production environment.

Problem: Any user can create any query in an environment they have access to and run it in any other environment they don't.

Expected: Since the logged in user does not have access to a specific environment for any resource, this environment should not appear as an option for him. But if the user has access to a specific environment for some features and not others, when he changes the environment, in addition to editing, he should not be able to execute "preview" and "run" actions.


Hi @Douglas,

Thanks for these details!

The "You cannot edit queries in the production environment" error should come up when the user has "use" permission in prod, and not edit access. With use permission, they can run & preview the query. Retool permissions will take the highest permission you're granted across all your groups; any chance the All users group has use permission? If not, can you share screenshots, so that I can share it with my team internally.

If there is no edit, own, or use permission in production, they should hit a "You don't have access to resource xyz in the production environment" error when trying to run or preview.

If you're not seeing this behavior, could you confirm the following - are you using v3.33? Are you using source control? As per above notes, can you ensure the user doesn't have use permissions from another group?

Currently, the production environment is always the primary environment, but we have a request in our backlog to set other environments to be the primary - or to rename production.

Hi @Tess

In fact, the "All Users" group had usage access to all resources. If I'm not mistaken, the possibility of editing access to specific resources in the "All Users" group is something recent, right?

Regardless, the important thing is that we can remove usage access for all resources in the "All Users" group and add edit permission on all "dev" and "staging" resources in the "Dev" group. This already helps a lot!

But, just confirming: this implies that it is not possible to have the same user who can develop apps while restricted to the "dev" and "staging" environment and use apps in the prod environment, as he will consequently be able to create queries in an environment and execute them on another. Right?

I'm not aware of recent changes :thinking:

An editor that is restricted to dev & staging (non production) should not be able to execute queries in production or other environments that they don't have access to.

In more detail, an editor in staging - no permission specified in production - can create a query in production, but they can only run it in staging.

An editor in staging and "use" permissions in prod - can "create" a query in prod, but can't actually write a query (it's just blank). They cannot edit in prod, but can run existing queries.
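The permission rules described in this thread (the highest level across all of a user's groups applies; "use" allows run and preview but not edit; no permission means an access error), modeled as an added Python example that is not part of the original thread and is not Retool code. The group data, the `orders_db` resource name and the level ordering are assumptions; the audit function flags environments a user reaches only through a broad group such as "All Users".

```python
# Added illustration: a simplified model of the permission rules described in
# this thread. It is not Retool code and does not call any Retool API.

# Assumption: levels are ordered none < use < edit < own.
LEVELS = ["none", "use", "edit", "own"]

# Constructed sample data; "orders_db" is a hypothetical resource name.
GROUPS = {
    "All Users": {("orders_db", env): "use"
                  for env in ("development", "staging", "production")},
    "Dev": {("orders_db", "development"): "edit",
            ("orders_db", "staging"): "edit"},
}


def effective_level(groups, memberships, resource, env):
    """Return (level, granting_groups): the highest level across all groups."""
    best, sources = "none", []
    for name in memberships:
        level = groups.get(name, {}).get((resource, env), "none")
        if LEVELS.index(level) > LEVELS.index(best):
            best, sources = level, [name]
        elif level == best and level != "none":
            sources.append(name)
    return best, sources


def allowed_actions(level):
    """Map a level to the query actions the thread describes."""
    if level == "none":
        return set()                    # run/preview hit the access error
    if level == "use":
        return {"run", "preview"}       # can execute, cannot edit
    return {"run", "preview", "edit"}   # edit or own


def broad_group_grants(groups, memberships, resource, envs, broad="All Users"):
    """Environments where the user's access comes only from the broad group."""
    found = []
    for env in envs:
        level, sources = effective_level(groups, memberships, resource, env)
        if level != "none" and sources == [broad]:
            found.append((env, level))
    return found
```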

Hi @Tess,

We are having exactly the same necessity. Unfortunately, the dropdown to show the database environment is broken! I can see that we are receiving the environment in the retool request, but the dropdown is not able to show it. @Tess could you please direct us to a working solution?

Hi @Jonathan_C Do you mean the dropdown on the Permissions settings page? Are there any errors in the console? I'm trying to reproduce this for our team, but I'm not seeing the same behavior on my side.