# Setting up permissions and visibilities

In Toucan, there are two ways to control access to content: applying **permissions** at the data level or **visibility** at the design level.

## **What is a permission?**

A permission is a security filter applied to data to ensure that all users have access only to the data they need, and no more.

Technically, it is a query mask applied at the backend level to every data query of the application. For every query run in the application, a permission will apply an additional filter to limit the output result. This type of feature is typically called "row-level security" (RLS) in data systems.

A permission depends on user attributes, usually on user groups, and expresses access rights such as "User group 'France' can only access 'France' data". In most cases, you will want to use permissions to filter available data to a user population for example, a user in user group 'France' will only be able to see data related to 'France' and cities in 'France'.

Permissions are always applied in production, regardless of the user role (admin, app builder, validator, or viewer), but are only applied to validators in the studio (staging mode).

## **What is visibility?**

Visibility is a design rule to display or hide a tile, chapter, subchapter, story or home section.

It expresses rules like "The view 'France' should display the story 'Country overview'".

Keep in mind that it does not impose any constraints on data, it only controls the display of front-end elements.

Visibility is always applied in production, regardless of the user role (admin, app builder, validator, or viewer), but is only applied to validators in the studio (staging mode).

There are 4 types of visibility:

1. **Public:** Visible to all users in production mode (applied by default).
2. **Private:** Hidden in production mode, accessible exclusively in staging mode.
3. **Customized based on filters:** Restrict visibility based on specific filters. In this case, the tile, story, chapter or home section is visible in production mode only when the related filter value is selected.
4. **Customized for user groups:** Restrict visibility to specific user groups.

<figure><img src="/files/llOwflNAumizOr3AXeaB" alt=""><figcaption></figcaption></figure>

### **How to configure visibility?**

You can set visibility in staging mode by clicking the options for a story, a chapter, a tile or a home section.

Once the visibility is applied, you can see an eye icon or a lock icon, to indicate that visibility has been applied.

\
Example to configure a private visibility to a story:

{% @arcade/embed url="<https://app.arcade.software/share/pVWd6pBr9B1mLhPgWC7s>" flowId="pVWd6pBr9B1mLhPgWC7s" %}

Example to configure a private visibility to a tile:

{% @arcade/embed url="<https://app.arcade.software/share/kvvvGY2ktLarldEWuP4c>" flowId="kvvvGY2ktLarldEWuP4c" %}

### Visibility in an embed context

It is not possible to set visibility for the content of an embedded dashboard.

## **Summary: Permission vs. Visibility**

Here is a summary table of the key differences between permission and visibility :

|                                | Permission                                          | Visibility                                          |
| ------------------------------ | --------------------------------------------------- | --------------------------------------------------- |
| Basic use case                 | "User group X should only access to X data"         | "View X should display story Y"                     |
| Filter applied on              | Data                                                | Design                                              |
| Filter applied at              | Back-end level                                      | Front-end level                                     |
| In production mode, applies to | Every role (admin, conceptor, validator and viewer) | Every role (admin, conceptor, validator and viewer) |
| In staging mode, applies to    | Validator role                                      | Validator role                                      |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs-v3.toucantoco.com/administration/managing-users/setting-up-permissions-and-visibilities.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.