User management for external users revealing sensitive information

Hey team – not sure if this is a bug or intended behavior. New to Retool!

Here's what's happening:
– we have a set of pages we are using as a dashboard for our customers (aka external people who should not have access to any resources, editing pages/queries, etc.)
– we set up their account to have access to just the pages that we want

However, what we're seeing now is that none of the pages work without giving them access to the resources. And if we give them access to the resources, they can access them by hitting Command+K and navigating to the sensitive resource page (exposes production endpoints/configurations for our DB).

Are we doing this correctly / is this intended behavior? What's the best practice here for what we're trying to do?

Thank you very much!

Hey @Kian!

  1. Welcome to Retool 🙂 Glad to have you here.
  2. If the users are simply viewing/using the apps, then they shouldn't need additional resource access. If the users are editing apps, then I believe they'll need access to the resources.
  3. If a user has access to the resources, then it is intended that they can view the resource setup pages by using Command+K or navigating to the resource directly from the Resources tab.
  4. For best practices, it sounds like you'll want to have a "Viewer" group that is able to view and use apps without editing them or without accessing resources! Does this sound aligned with what you'd like to do? And let me know if this *is* what you're doing, but still running into issues!