I have a couple of views (for example the full base) that should be available to certain users only (aka the admin team in this case).
I don’t understand how set the view visibility and edit rights per organizational role. How can I do it?
Yes I did read that
I’d need to have different groups of editors with different accesses, is there a way to achieve this?
My use case is the following:
- Client has one big base with several tables, one being Employees.
- Employees table has ALL employee-related data, from work email to availability to salary.
People working there should be able to view and edit their own availability, view work emails from everyone and not view or edit the salaries. Only HR should be able to view and edit the salaries.
Here is what I am exploring:
- My initial idea was to attribute various editing roles (doctor, HR) with different permissions but that doesn’t seem possible (unless I put HR as Creator level but that might be dangerous for the base structure if they can delete things by accident?).
- The second idea is to have a seperate base with the admin data (such as salary) with access to the admin team only and set up some kind of mirroring between the 2 bases (haven’t seen that function though) since I seem to only be able to link tables from within the same base.
- Third option would be to set up an external automation between the admin base and the regular base so when a new collaborator is added or an existing one edited, it’s reflected in the regular one. But what if the doctors make edits to certain columns in the regular ones they shouldn’t?
What’s the best practice in cases like this?
Thank you for your help
@Gabrielle : thank you for the clear description.
It looks like your requirement needs role based access control (RBAC) for the bases (for which we 've a feature request and its is one of the highest commented/upvoted issue).
Role based access control will allow you to define the roles specific to the base and define rules on read/write for each specific table/view/column for each role. Plus there is a notion of user owned records within each table. We will priortise this going forward. How many users do you intend to have for your client ?
Thanks for the reply, I expect to have around 50 users for my client with an increase next year. Unless I end up needing to build a front-end on top of NocoDB to handle more complex access? In that case the number of users with access to the bases will be much smaller.
Do you have visibility on the release date for the RBAC feature?