We are on the Business Tier and have external users accessing a few applications within our Retool instance. To grant access we've created a particular Permissions group for them that grants access to the application and we attach metadata to each individual user that indicates the permissions the user has within the app. We then use {{ current_user.metadata.permissions }} to choose what to render in the app and what queries to enable or disable access to.
We make these metadata assignments when inviting the user to the app, and we're finding that upon acceptance of the invite, the user's metadata is wiped empty. This creates a major issue upon first access of the application as they have no permissions assigned and thus cannot interact with anything in the application.
Is there a way to prevent the user metadata from being erased upon accepting the invite?
