Forum Discussion

RyanBlackwood's avatar
RyanBlackwood
Qrew Trainee
6 years ago

Multiple Roles Permissions w/ Parameters

When Quickbase announced they were going to support Multiple Roles per user a while back, I got very excited. I have SO MANY use cases for my app that NEED this feature.

Unfortunately the way it was implemented has not worked for any of my use cases, and I am not able to use Multiple Roles in their current configuration in any of my Apps.

Currently, Multiple Roles works like this: 
Role A: View Fields 5-8 on Records 1-10 
Role A: Modify Fields 7-8 on Records 9-10

Role B: View Fields 3-5 on ALL Records 
Role B: Modify Fields NONE on Records NONE

Role C: View Fields 1-2 on ALL Records 
Role C: Modify Field 1 on ALL Records

Logically(at least to me) you would expect that someone assigned to all 3 of these Roles would be able to: 
View: Fields 1-5 on ALL Records, and Fields 6-8 on Records 9-10 
Modify: Field 1 on ALL Records, and Fields 7-8 on Records 9-10

But that's not how Quickbase Roles work. Instead:

If you assign someone to Role A and Role B and Role C, they're new permissions are: 
View: Fields 1-8 on ALL Records 
Modify: Fields 1,7,8 on ALL Records

If you assign someone Role A and Role B, they're new permissions are: 
View: Fields 3-8 on ALL Records 
Modify: Fields 7-8 on Records 9-10

So instead of combining the individual permissions, along with their limitations, it takes the Fields off all of the roles, and gives them to all of Records of all of the roles. So even if you have:

Role D: View Fields 5-10 on Records 11-20 
Role D: Modify Fields 8-9 on Records 18-20

Role E: View Fields 1-3 on Records 1-5 
Role E: Modify Fields NONE on Records NONE

Role F: View Field 4 and 11 on ALL Records 
Role F: Modify Field 4 on ALL Records

If you assign someone to Roles D, E, and F, they're permissions are now: 
View: Fields 1-11 on ALL Records 
Modify: Fields 4,8,9 on ALL Records

If you assign them to Role D and E, they're new permissions are: 
View: Fields 4-11 on ALL Records 
Modify: Fields 4,8,9 on ALL Records

I have yet to be able to find a single use case in which multiple Roles has been useful. Every single one it grants users access to things I don't want them having access to.

I've been asked to post this here by Quickbase Support Staff in hopes of getting more feedback from people running into the same issue, and looking for the same type of permissions that I am.

I currently have about 6 very different use cases (from project management, to help desk ticketing) that need some level of view/modify access to some records on a table, and some level of view only access to all (or most) other records on the same table.

At the moment this does not seem possible in Quickbase. 

Quickbase Support Staff have asked me to reach out to the community to find out how many other people are struggling with Multiple Roles and could use them the same way t
Forms
roles and permissions
Tables and fields
  • QuickBaseCoachD's avatar
    QuickBaseCoachD
    Qrew Captain
    6 years ago
    I like the Role Permissions just the way they are and they are so fundamental to the very core of Quick Base security that imho they will not make changes like you might want for your use case.

    I deal with situations like you have with form rules.
    • RyanBlackwood's avatar
      RyanBlackwood
      Qrew Trainee
      6 years ago
      Please explain how you would accomplish this through form rules?
    • QuickBaseCoachD's avatar
      QuickBaseCoachD
      Qrew Captain
      6 years ago
      I think that in your use case a better Product Enhancement solution would be to have formula functions which can see Roles and hence allow you to do the complex logic in a formula with nested ORs and ANDs.
  • JoelHickok's avatar
    JoelHickok
    Qrew Cadet
    4 years ago
    It's really disappointing how your problem seems to have gone over the head of just about all the other people who replied.  I am experiencing your exact problem now, and see it as a huge, huge shortcoming of using multiple Roles with precedence (ordering).

    Basically, role precedence only applies for Pages and Forms (and to some degree Reports).  But instead of applying the Field access from the single role with the greatest precedence, Quickbase combines all the Field access settings from each Role for the user.  This makes Roles fairly useless for controlling access to fields for any user in more than one role.

    I think for anybody saying they like the way this works currently, you simply have never tried to set up Access to an app the way that me, the original post, and other people are trying to do.  Roles worked wonderful for me for several years, until now, when I finally needed to get more tricky with Access to a particular app.

    Please Quickbase, wake up on this one.