👥Setting up permissions and visibilities

In Toucan, there are two ways to control access to content: applying permissions at the data level or visibility at the design level.

What is a permission?

A permission is a security filter applied to data to ensure that all users have access only to the data they need, and no more.

Technically, it is a query mask applied at the backend level to every data query of the application. For every query run in the application, a permission will apply an additional filter to limit the output result. This type of feature is typically called "row-level security" (RLS) in data systems.

A permission depends on user attributes, usually on user groups, and expresses access rights such as "User group 'France' can only access 'France' data". In most cases, you will want to use permissions to filter available data to a user population for example, a user in user group 'France' will only be able to see data related to 'France' and cities in 'France'.

Permissions are always applied in production, regardless of the user role (admin, app builder, validator, or viewer), but are only applied to validators in the studio (staging mode).

What is visibility?

Visibility is a design rule to display or hide a tile, chapter, subchapter, story or home section.

It expresses rules like "The view 'France' should display the story 'Country overview'".

Keep in mind that it does not impose any constraints on data, it only controls the display of front-end elements.

Visibility is always applied in production, regardless of the user role (admin, app builder, validator, or viewer), but is only applied to validators in the studio (staging mode).

There are 4 types of visibility:

  1. Public: Visible to all users in production mode (applied by default).

  2. Private: Hidden in production mode, accessible exclusively in staging mode.

  3. Customized based on filters: Restrict visibility based on specific filters. In this case, the tile, story, chapter or home section is visible in production mode only when the related filter value is selected.

  4. Customized for user groups: Restrict visibility to specific user groups.

How to configure visibility? You can set visibility in staging mode by clicking the options for a story, a chapter, a tile or a home section.

Once the visibility is applied, you can see an eye icon or a lock icon, to indicate that visibility has been applied.

Example to configure a private visibility to a story:

Example to configure a private visibility to a tile:

Summary: Permission vs. Visibility

Here is a summary table of the key differences between permission and visibility :

PermissionVisibility

Basic use case

"User group X should only access to X data"

"View X should display story Y"

Filter applied on

Data

Design

Filter applied at

Back-end level

Front-end level

In production mode, applies to

Every role (admin, conceptor, validator and viewer)

Every role (admin, conceptor, validator and viewer)

In staging mode, applies to

Validator role

Validator role

Last updated