User management

Hey there :wave:

A friend needed a fairly basic app and I wanted to check out Retool, so here I am.

I'm on a free plan and I have a few questions about user management.

If I understand correctly, it's only with the business plan that you can configure granular permissions for users?

So is it normal that once invited and logged into Retool, they arrive at a screen like the one in the screenshot?

1 Like

Hey @xan,

If I understand correctly, it's only with the business plan that you can configure granular permissions for users?

That is correct, granular permissions are available from Business upwards.

So is it normal that once invited and logged into Retool, they arrive at a screen like the one in the screenshot?

If by this you're referring to the top bar where they can decide to edit the app, then the answer is yes, this is only removed once you add granular permissions.

1 Like

Thanks, @MiguelOrtiz !

Another question: for now, the app is intended for a fishing boat owner who manages one boat. Let's imagine that other boat owners become interested and want to access the app.

Basically, we would go from an organisation with one member to an organisation with several members, each managing their own boat.

I'm having a little trouble understanding how, with a simple invitation from Retool to join the organisation, I can associate them with their boat and then have requests and visibility of data associated only with their own boat...

I was thinking that I would have to create a table specifically for this purpose, which I would call “owners” with an “email” field, a “boat_name” field (which I know in advance) and also a user_sid field that I would use as a foreign_key for my other tables.

But how can I know the {{ currentUser.sid }} when I invite a new user?

I hope I have been clear and thank you in advance for your answers!

Hey there @xan,

So, for these kinds of scenarios I use User Attributes, which you can assign right when you create a user and invite them, and then refer to within your applications.

Once you have those user attributes, then you can filter whatever queries you have using those. It's a way to achieve Row Level Security in your database. The attributes are not spoofable, so you have security that malign actors are not trying to see other users' data.

1 Like
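The filtering pattern described in the post above, as an added example that is not part of the original posts and is not Retool code: a Python/sqlite3 model in which the boat used in the WHERE clause comes only from an admin-assigned attribute, never from a value the client sends. The table layout, the sample rows and the `build_db` and `catches_for` helpers are assumptions made for illustration; `boat_name` is the field named earlier in the thread.

```python
import sqlite3


def build_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE owners (
            email TEXT PRIMARY KEY,
            boat_name TEXT NOT NULL UNIQUE
        );
        CREATE TABLE catches (
            id INTEGER PRIMARY KEY,
            boat_name TEXT NOT NULL REFERENCES owners(boat_name),
            species TEXT NOT NULL,
            kg REAL NOT NULL
        );
        INSERT INTO owners VALUES ('alice@example.com', 'Albatross'),
                                  ('bob@example.com', 'Barracuda');
        INSERT INTO catches (boat_name, species, kg) VALUES
            ('Albatross', 'cod', 120.5),
            ('Albatross', 'hake', 40.0),
            ('Barracuda', 'tuna', 310.0);
    """)
    return conn


def catches_for(conn, user_attributes, requested_boat=None):
    """Return catch rows for the caller's own boat only.

    user_attributes: set by an admin at invite time (trusted side).
    requested_boat: sent by the client (untrusted); it is checked
    against the attribute and never used to build the filter.
    """
    boat = user_attributes.get("boat_name")
    if not boat:
        # Fail closed: a user without the attribute sees no rows.
        return []
    if requested_boat is not None and requested_boat != boat:
        raise PermissionError("requested boat does not match user attribute")
    rows = conn.execute(
        # Bound parameter: the attribute value is never concatenated into SQL.
        "SELECT species, kg FROM catches WHERE boat_name = ? ORDER BY id",
        (boat,),
    )
    return rows.fetchall()
```
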

Thanks! Definitely need a business plan to practice with all these configurations...

1 Like