Elgato_dark/ToolJet
1
0
Fork 0
mirror of https://github.com/ToolJet/ToolJet synced 2026-04-22 05:57:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
ToolJet/docs/versioned_docs/version-3.0.0-LTS/org-management/permissions.md
Aman Regu dc57882f89 docs: add 3.0 version
2025-05-02 13:26:57 +05:30

4.1 KiB
Raw Blame History

id title
permissions Permissions

Permissions in ToolJet

Permissions in ToolJet determine what actions users can perform and what resources they can access within a workspace. ToolJet uses a Role-Based Access Control (RBAC) system to manage these permissions efficiently.

User Roles

ToolJet has three default user roles, each with different levels of access:

  1. Admin: Full access to manage the workspace, including users, groups, and all resources.
  2. Builder: Can create and edit apps, data sources, and other resources.
  3. End-user: Can only view and use apps they have been given access to.

Groups

  • Default Groups: Correspond to the user roles - Admin, Builder, and End-user.
  • Custom Groups: Can be created to assign specific permissions to sets of users.

:::info For detailed information on Users and Groups, refer to the Managing Users and Groups documentation. :::

Permission Levels

Permissions can be set at two levels: workspace-level and granular level. This allows for both broad and fine-grained control over user access.

Workspace-Level Permissions

Workspace-level permissions apply broadly to all resources of a particular type within the workspace. These are set in the Permissions tab of each user group.

For each resource type, different levels of permissions can be set:

  • Apps:
    • Create: Allows users to create new apps.
    • Delete: Allows users to delete apps.
  • Data Sources:
    • Create: Allows users to create new data source connections.
    • Delete: Allows users to delete data source connections.
  • Folders:
    • Create/Update/Delete: Allows users to create, update, or delete folders.
  • Workspace Constants/Variables:
    • Create/Update/Delete: Allows users to create, update, or delete workspace-level constants/variables.
Workspace Level Permissions

Granular Access Permissions

For more fine-grained control, administrators can set permissions for individual apps and data sources in the Granular Access tab of each user group.

Granular Access

App-level Permissions:

  • Permissions:
    • View: Allows users to view and use the specific apps.
    • Edit: Allows users to modify the specific apps in the app builder.
  • Resources: Customize what apps that users can access.
    • All Apps: Allows users to access all apps.
    • Custom: Allows users to access specific apps.
App Level Permissions

Data Source Permissions:

  • Permissions:
    • Configure: Allows users to configure the specific data source.
    • View: Allows users to view the specific data source.
  • Resources: Customize what data sources that users can access.
    • All Data Sources: Allows users to access all data sources.
    • Custom: Allows users to access specific data sources.
Data Source Permissions

Inheritance and Overrides

  • Users inherit permissions from their assigned role and any custom groups they belong to.
  • Adding users to custom groups with higher permissions than their current role will automatically upgrade their user role to match the higher access level.
  • If a users role is downgraded to one with lower permissions, they will automatically be removed from any custom groups that provided higher access than their new role allows.
  • When a user belongs to multiple groups, they receive the highest level of permission granted by any of their groups.