Forum Discussion

EmberKrumwied's avatar
EmberKrumwied
Qrew Captain
2 months ago

How to configure global app search

We have a request to limit what records certain users can see. Our viewer role is directed to a Viewer dashboard where all the objects (reports, buttons, charts, etc.) point to specific reports where certain parent records are filtered out based on a checkbox on the record. I have hidden ALL tables from the viewer role so their only access to the system is via the viewer dashboard.

All works as expected, EXCEPT for the global search box. The "hidden" records are not showing on the viewer dashboard reports but if they use the global search box they CAN access those records.

Is there a way to configure the global search box to respect the user role or is there some other/better way I should use to effectively hide certain records both from reports and charts but also the global search box?

Thanks

  • Quickbase permissions as set in the Role are "all seeing an all powerful".  Quite remarkable that literally on every click QuickBase evaluating permissions before it does anything. 

    I suggest that you take that check box field and look it up down to any child tables that you want to control and then for the Roles which need to be limited you Edit them to have a Custom Rule  as to for which records they can view. 

    So like any other click in Quickbase the global search bar will evaluate permissions before displaying results.

  • Quickbase permissions as set in the Role are "all seeing an all powerful".  Quite remarkable that literally on every click QuickBase evaluating permissions before it does anything. 

    I suggest that you take that check box field and look it up down to any child tables that you want to control and then for the Roles which need to be limited you Edit them to have a Custom Rule  as to for which records they can view. 

    So like any other click in Quickbase the global search bar will evaluate permissions before displaying results.

    • EmberKrumwied's avatar
      EmberKrumwied
      Qrew Captain

      I think I understand. I did already do as you suggested and carried the Hide checkbox value down to all children tables (needed to do that to filter some of the displayed reports). I'll take a look at the Roles and see if I can figure out how to create a Custom Rule that will then respect that checkbox value.

      Thanks

  • So found the custom rule section and updated all my tables. Everything is working as expected except for 1 table. It is a connected table, does that make a difference? It does connect/relate to the parent record and the checkbox value is pulling down to the table. I updated the table access using the same custom rule, but the global search still returns the related record from that table regardless of the custom rule.

    • MarkShnier__You's avatar
      MarkShnier__You
      Icon for Qrew Legend rankQrew Legend

      That seems quite impossible. Permissions are the foundation of Quickbase and have been around literally since the beginning of Quickbase so there cannot be a bug in them. I suggest you recheck your configurations.

      You should check whether or not you have users in multiple roles. If you have users in multiple roles then they get the most permission possible. Also double check to make sure that you connected table is not open to EOTI, Everyone On The Internet.

  • Users are not in multiple roles. Where would I confirm if the connected table is open to EOTI?

    I did see an option to exclude that table from the global search. When I selected that box and then tested the app as the viewer role, I am now not seeing any records. Yay! Not having that connected table not included in global search isn't an issue, so that option worked. Still curious why all other tables where excluded and the connected one wasn't...

    • MarkShnier__You's avatar
      MarkShnier__You
      Icon for Qrew Legend rankQrew Legend

      It is unlikely but possible that you have unknowingly opened up that sync table to everyone on the Internet. But if you go to your list of users and literally see if there is a user called "everyone on the Internet" then you would know if you may have opened up your app to everyone on the Internet for certain tables