After reading this article you will know:

  • What model permissions are
  • How to set model permissions

Permissions

Permissions determine what a user can and can't do in your application. They are split in 5 different types: Read, Export, Create, Update and Destroy.

  • Read: The read permissions determine if a user can view the data of the model. When the read permissions are turned off for a role, the grid will still be visible, but the data within the grid will be empty.
  • Export: The export permissions determine if a user can export data from a model to an export file. When the Export permissions are turned off for a role, the export button in the navigation bar will not be visible on grids of that model.
  • Create: The create permissions determine if a user can create new records for a model. When the permissions are turned off for a role, the New button of a grid will not appear.
  • Update: The update permissions determine if a user can update existing data in the model. If the update permissions are turned off for a role, the Edit button will not be visible in the grid form. Although when a user does have the Destroy permissions, the Edit button can be used, but only to use the Delete button.
  • Destroy: The destroy permissions determine if a user can remove a record from a model. If these permissions are turned off for a user the Delete button will not be visible in the grid form.

All these permissions can be set per model by editing the model you want to set the permissions to. This is done very easy with checkboxes for each role.

Besides checkboxes, you can also set the permissions using filters or expressions. By clicking on the button on the right side of the role, the way of setting up permissions will be changed. This way permissions can be set so users can only edit records that have a specific value. Within these filters the current user is also available, this allows you to set up even deeper permissions based on the user's properties. More about filters and how to set them up can be found in this article: Filter Reference.

Combining Roles and set permissions

In some cases, users can have multiple roles, as they have multiple purposes within an application. This also means permissions on the same models overlap. The platform then has to decide when one role is leading, and when the other role is leading.

This depends on the permission in question.
Let's say a User has Role A  and Role B.
Role A has all permissions on a model, while Role B has none. Like this:

The permissions of a role can be divided in 2 different outcomes, which are:

  • The enabled role is dominant (Create, Update and Destroy)

This means the user has a role with the permission set to true, so it allows him to do so. Even if a different role of the user has the permission set to false, the user is allowed. 

In our example, the user is allowed to create, update and destroy records.

  • The disabled role is dominant (Read and Export)

This means the user has a role with the permission set to false, so it forbids him to do so. Even if a different role of the user has the permission set to true, the user is forbidden.

In our example, the user is forbidden to read and export records.

More about permissions and combining different roles can be found here: Permissions in Betty Blocks.

Did this answer your question?