Skip to main content
What are model permissions?

Using permissions at model level, you can provide or restrict access to information in your application.

Updated over a week ago

Important: outdated imagery

Model permissions in the permission overview are READ ONLY. See permissions on individual action setting-level for create, update and delete permissions.

You can set roles and permissions for individual models in your data model. Open the data model (A) menu and select a model (B) from the list of models. The details for the model selected are opened on the Properties (C) tab. Click on the Permissions (D) and click on the Jump to Roles & Permissions (E) button.

The details of the Roles and permission for all the individual models in the data model are displayed. In the example, the line for permissions for the Actor model is indicated in the overall model list displayed.

The Admin (F) role is currently selected from the list of roles and the details for that role in relation to the Actor model are shown based on the different columns (G) Create, Read, Update, Delete, Export - in the table view displayed.

Adding a new role

You can add a new role by clicking on the Add (A) button. The Create new role (B) dialog is displayed. Enter a name for the role (C) and press the Create role (D) button. The role is now shown in the list of available Roles (E). You can edit the permissions associated with the role for the individual models based on the requirements for your application.

Note: You can also duplicate an existing role. See Managing Roles - Renaming, Duplicating or Deleting roles for details. You need to assign a new name to the role. You can then edit the permissions that are also duplicated to those required for the newly created role.

Editing existing permissions

Once you have selected a role, you can edit the permissions for each of the models. You can expand the menu for each permission, and change as required. Ensure that the role you want to customize is selected (A). You can click on the pull-down menu to display the options (B) available for each of the permissions (Create, Read, Update, Delete, Export). You can select the required option based on the individual permissions for each model. You can choose to apply that a user with the Admin role has the following permissions with regard to creating records (Create):

  • Create (Allowed) records to be inserted based on the selected model.

  • Filter (Use filter) records based on the selected model

  • Use expressions involving the model (or properties in the model)

  • Restrict (Not allowed) the selected role from being able to create (insert records) associated with the selected model.

Managing roles - Renaming, Duplicating, or Deleting roles

You can create new roles as described in Adding a new role. You can also use the additional options available at Role (...) level (A). When you open the menu, you can:

  • Rename an existing model

  • Duplicate an existing model and apply a new name. You can then customize the settings for the individual model based on the newly created role.

  • Delete a role that you no longer required. You are requested to confirm that you want to delete the role.

What permissions are available

The following explains the various permissions that you can assign:


Insert data associated with/defined by the model.


Select or use data associated with/defined by the model.


Edit data associated with/defined by the model.


Delete data associated with/defined by the model.


Export data associated with/defined by the model.

Users with multiple roles assigned

When a user is assigned to two separate roles, for example, admin and employee. The higher role will always apply in terms of role order (admin), however, if the lower of the two roles (employee) isn't allowed to create something, the user as a whole will not be able to create this at all.


role A can read model X
role B cannot read model X.

if a user has role A and role B, then this user cannot read model X.

Make sure to keep an eye on the use of double roles when they also have different permission settings.

Did this answer your question?