🔏Privacy rules

Privacy rules are one of the most important parts of any Bubble app that holds sensitive data.

Overview

Privacy rules protect private and sensitive data in your app. They are conditions set on each data type to control data access and editing.

Key Points

  1. Importance: Privacy rules are crucial for app security, ensuring users' data remains safe.

  2. Function: Privacy rules tell the server when to send or write data based on specific conditions.

  3. Example: Allow products to be viewable only by logged-in users. This means data is only sent if the user is authenticated.

  4. Server-Side Security: Data protection happens on the server, keeping data encrypted and secure until it's legitimately accessed.

Client-Side Data

  • Once data reaches a user's device, it's no longer secure.

  • Developers must ensure only necessary and authorized data is sent to the device.

  • Example: In an eCommerce app, all products should be publicly viewable, while shopping carts should only be viewable by their creators.

How privacy rules work in Bullet Launch

Please watch the video on privacy rules.

A standard data type

The privacy rules for a standard data type might look like this.

All Everyone else (default permissions) options are unchecked. This means this data is private by default.

Visible to creator states that whoever created this thing in the database is able to find it and view it. This is the default rule created by Bubble and is effectively redundant as the Entity user rule will grant the same permissions.

Entity user states that anyone who is in the same entity as the entity set on the thing can find it and view it.

App admin states that anyone whose role is App Admin can find and view all data of this type.

A data type with some additional restrictions

This is an example of a data type where you want more granular controls over who can see what data. In this case the data type contains data about the Subscription held by the entity.

All Everyone else (default permissions) options are unchecked. This means this data is private by default.

Entity user states that anyone who is in the same entity as the entity set on the thing can find it and view selected fields only.

Entity admin states that anyone who is in the same entity as the entity set on the thing who also has the role Entity admin can find it and view all fields.

App admin states that anyone whose role is App Admin can find and view all data of this type.
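
The rule set above, modelled in Python as an added example (not Bubble's or Bullet Launch's own code): every matching rule contributes its permissions, and a user who matches no rule is left with the unchecked default. The field names, the choice of "selected fields", the role strings as stored on the user and the sample records are assumptions made for the illustration.

```python
# Added illustration of the Subscription rules above; not Bubble or Bullet Launch code.
# Field names, the "selected fields" set and the sample records are assumptions.
from dataclasses import dataclass
from typing import Optional

ALL_FIELDS = {"entity", "plan", "status", "billing_email", "customer_ref"}
ENTITY_USER_FIELDS = {"entity", "plan", "status"}  # assumed "selected fields"

@dataclass(frozen=True)
class User:
    name: str
    entity: Optional[str] = None   # None models a logged-out visitor
    roles: frozenset = frozenset()

def same_entity(user, thing):
    # A user with no entity must never match a thing with no entity.
    return user.entity is not None and user.entity == thing.get("entity")

# (rule name, condition, find in searches, viewable fields)
RULES = [
    ("Entity user", same_entity, True, ENTITY_USER_FIELDS),
    ("Entity admin", lambda u, t: same_entity(u, t) and "Entity admin" in u.roles,
     True, ALL_FIELDS),
    ("App admin", lambda u, t: "App Admin" in u.roles, True, ALL_FIELDS),
]

def permissions(user, thing):
    """Combine every matching rule; no match leaves the unchecked default."""
    can_find, fields = False, set()
    for _name, condition, find, viewable in RULES:
        if condition(user, thing):
            can_find = can_find or find
            fields |= viewable
    return can_find, fields

def search(user, things):
    """Server-side filter: only findable things, only viewable fields."""
    results = []
    for thing in things:
        can_find, fields = permissions(user, thing)
        if can_find:
            results.append({k: v for k, v in thing.items() if k in fields})
    return results

# Constructed sample data.
SUBSCRIPTIONS = [
    {"entity": "acme", "plan": "pro", "status": "active",
     "billing_email": "billing@acme.example", "customer_ref": "ref-0001"},
    {"entity": "globex", "plan": "free", "status": "trialing",
     "billing_email": "ops@globex.example", "customer_ref": "ref-0002"},
]
```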

A more restricted data type

This is an example of a data type which is restricted to only one or two users.

In this case it is a chat message between users. These messages usually would be private and not visible to other entity users, entity admin, or app admin.

All Everyone else (default permissions) options are unchecked. This means this data is private by default.

Visible to participants states that anyone who is listed on the thing's allowed users can find it and view it.

Visible to creator states that whoever created this thing in the database is able to find it and view it. This is the default rule created by Bubble and is effectively redundant as the Entity user rule will grant the same permissions.

Creating your own privacy rules

You can, of course, create your own privacy rules if you need more granular control over who sees what data.

For example, you may have project teams within an entity and want project details only to be visible to people in that team rather than all the users in your entity.

In that case you will need to add helper fields to all the data types you wish to restrict to enable you to create effective privacy rules.

Rules that use "This Thing's X's Y" can't grant search access right now

You might see this message in the privacy rule editor. Bubble has a limitation that means you cannot rely on a linked data type to create a search privacy rule restriction.

For example, you couldn't say "If this task's project's entity is current user's entity, then allow them to find it in searches". This wouldn't work in Bubble. Instead you would need to record the entity on the task itself. Then you could say "If this task's entity is current user's entity, allow them to find it in searches".

It sometimes feels like you're adding unnecessary fields to data types, but in order to have effective privacy rules these "helper" fields are needed.
