This is more a question about using Retool for the right use case rather than a technical one.
I'm a fan of Retool because it allows me to write simple apps rapidly, just by knowing the data model. Everywhere I go I recommend it. But I'm consistently challenged due to the fact that I need to use a user with write permissions, and this opens a window to the database.
I understand those concerns, but at the same time I know a pretty common use case is apps that write data back into the db, not just read.
So my question is:
Is there a best practice that I'm missing here?
Or how can I appease the ones concerned about security?
Retool is fairly secure, even the cloud version. In the permissions settings, you can create groups that only access the given apps you need them to. You can set it to use here and further lock down the resources and workflows. It allows the users to use the app, which may write to the database but only within the parameters you set.
Thanks for reaching out, @i52sacaa! Note that some of the functionality that @Shawn_Optipath described above requires a Business plan. That said, you don't even need to connect to Retool with a write-enabled user. If you or those that you work with can find value in Retool as a read-only dashboard, then that's a totally valid use case. Are there any other aspects of this that I can address? Don't hesitate to ask!