Setting up permissions and visibilities

In Toucan, there are two ways to control access to content: applying permissions at the data level or visibility at the design level.

What is a permission?

A permission is a security filter applied to data to ensure that all users have access only to the data they need, and no more.

Technically, it is a query mask applied at the backend level to every data query of the application. For every query run in the application, a permission will apply an additional filter to limit the output result. This type of feature is typically called "row-level security" (RLS) in data systems.

A permission depends on user attributes, usually user groups, and expresses access rights such as "User group 'France' can only access 'France' data". In most cases, you will want to use permissions to filter the data available to a user population. For example, a user in user group 'France' will only be able to see data related to 'France' and cities in 'France'.

Permissions are always applied in production, regardless of the user role (admin, app builder, validator, or viewer), but are only applied to validators in the studio (staging mode).

What is visibility?

Visibility is a design rule to display or hide a tile, chapter, subchapter, or story.

It expresses rules like "The view 'France' should display the story 'Country overview'".

Keep in mind that visibility does not impose any constraints on data: it only controls the display of front-end elements. To restrict the data a user can access, use a permission.

Visibility is always applied in production, regardless of the user role (admin, app builder, validator, or viewer), but is only applied to validators in the studio (staging mode).
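
The difference between the two mechanisms, sketched as an added example that is not Toucan's code or configuration syntax: the function names, rule dictionaries and sample rows are all assumptions made for illustration. It models a permission as a mask ANDed onto every backend query, including the staging rule described above, and visibility as a display-only lookup.

```python
# Illustrative model only: every name and value here is an assumption, not Toucan's API.
ROWS = [  # constructed sample data
    {"country": "France", "city": "Paris", "revenue": 120},
    {"country": "France", "city": "Lyon", "revenue": 45},
    {"country": "Germany", "city": "Berlin", "revenue": 98},
]
PERMISSIONS = {"France": {"France"}}            # user group -> countries it may read
VISIBILITY = {"France": ["Country overview"]}   # view -> stories displayed


def permission_applies(mode, role):
    """Production: every role. Staging: validators only. Unknown modes are masked too."""
    return not (mode == "staging" and role != "validator")


def permission_mask(user_groups):
    """Row predicate for a user; a group with no rule grants nothing."""
    allowed = set()
    for group in user_groups:
        allowed |= PERMISSIONS.get(group, set())
    return lambda row: row["country"] in allowed


def run_query(query_filter, user_groups, mode, role):
    """Backend entry point: the mask is ANDed onto whatever the query asks for."""
    if permission_applies(mode, role):
        mask = permission_mask(user_groups)
    else:
        mask = lambda row: True
    return [row for row in ROWS if query_filter(row) and mask(row)]


def visible_stories(view):
    """Front-end rule: selects what is drawn, never what run_query returns."""
    return VISIBILITY.get(view, [])


if __name__ == "__main__":
    everything = lambda row: True
    germany = lambda row: row["country"] == "Germany"
    print(run_query(everything, ["France"], "production", "admin"))  # masked for admins too
    print(run_query(germany, ["France"], "production", "viewer"))    # asking for more returns nothing
    print(run_query(everything, ["France"], "staging", "admin"))     # staging, non-validator: no mask
    print(visible_stories("Germany"))  # no story shown, yet data access is unchanged
```

In this model, hiding a story changes nothing about what a query returns, and a non-validator in staging sees unmasked rows, so permission rules are best checked with a validator account.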

Summary: Permission vs. Visibility

Here is a summary table of the key differences between permission and visibility:

| | Permission | Visibility |
|---|---|---|
| Basic use case | "User group X should only have access to X data" | "View X should display story Y" |
| Filter applied on | Data | Design |
| Filter applied at | Back-end level | Front-end level |
| In production mode, applies to | Every role (admin, conceptor, validator and viewer) | Every role (admin, conceptor, validator and viewer) |
| In staging mode, applies to | Validator role | Validator role |
