"Use" permission on Resource level

Disclaimer: I have the read the docs before posting this.

I am struggling to understand how to set up an end user of one of our apps without granting them too many permissions. I have started off setting them up only with "Use" permission to the app. When they tried accessing the app, we could then see that data couldn't be fetched for the app because the user didn't have the appropriate Resource permissions.

Now we're unsure about what the "Resource" "Use" level of permission entails, as we don't want the user to freely write their own queries against e.g. our database - we essentially are looking for a level of permissions where the user can access the app and can view the data that the app fetches using only the preconfigured queries + transformers.

Hi @jangerrit, thanks for taking the time to go through the docs first.
The permission you are looking for the Resource is "Use."

For example, I created this "Permissions Group":

With "Use" only, my end users are able to see data on the table with a "Data source" that is querying "retool_db" to get data:

The button you see there is running a write query to add a new row with test data. As we can see from the screenshot, with this permission they can "use" that write query as well.

From reading that your users could not see the data, perhaps we forgot to click "Save changes" on the top right of the screen after updating the permissions (check the first screenshot). Changes are not automatically saved. If this is not the case, I would double check if we are editing the correct user group.

If you are still having issues, we are happy to take another look. You could join us during Office Hours on Tuesdays and Thursdays at 11am PST.

Hi @Paulo - basically all I wanted to confirm is that users with "Use" access to a resources can't just write arbitary queries against those resources, i.e. that they're always restricted to using the queries that the app that they have access to (with "Use" permissions). You haven't explicitly confirmed this but that's what I've gathered from yours and your colleagues replies so far. Thank you!

That is correct, even if we give the user group "Edit" permission to the App, as long as they have "Use" permission to the resource, they won't be able to write a new query. If they try, their cursor will look like ":no_entry_sign:" when they hover over/click on the text editor.

The following message will pop: