User roles

Users within your Budibase environment can have a plethora of roles. It starts with development access and then can be fine-tuned in every application.

Access permission

There are 3 levels of access permission to be used within Budibase. You can configure this when creating a new user, or update this whenever you have Administration permission.

  • Basic
  • Development
  • Administration

Basic permission is when both development and administration are disabled. This means a user can only view applications, and not edit them.

📘

Published apps

Only published apps can be viewed by basic users.

Development permission allows the user to not just view all applications, but also edit them.

Administration permission allows the user to manage users and global settings. Administration permission also requires development permission to be enabled.

Changing permissions

To change the permission of another user, you need to have administration permission yourself. If this is the case, going to the homepage of your Budibase installation.

In the left-hand sidebar, you'll find a Manage > Users section to which you need to navigate.

Click on the user you want to change, and you'll be presented with a screen not much different than the Adding Users screen. When you scroll down a little bit you can configure Development and Administration roles. Keep in mind the Administration role requires the Development role also to be enabled.

Once you're happy with your access change, you can close the screen. The permissions save automatically.

App specific roles

All users in your app without Development permission will only see applications you give them access to. But not only can you configure which applications each user can see, you can also configure their role in each application.

There are several roles to choose from, which impact what the user will be able to do and see in your application based on the roles you've defined for each section inside your application.
Access levels can be set for your each of your screens.

Higher tier roles will be able to see everything lower tiers can see, plus their own role-specific elements. This means, an Admin role can see all the pages built for Power, Basic and Public roles.

OrderRoleDescription
1PublicCan see un-authenticated. Cannot be given to a user
2BasicLowest authenticated role
3PowerHas all permissions of Basic and Public, but not Admin
4AdminHighest authenticated role

📘

Order matters!

The order of user role matters. Higher roles can see everything from lower roles as well as their own.

Adding custom roles

The core app roles cannot be deleted, however you can add and remove any number of custom roles if you need more granular access control.

Within your app, navigate to the Users table and click on Edit roles.

A modal will pop up to enter data into. Select Create new role.

Inherits Role determines the rank of your new role. In this case, a Super user will be able to access all screens of access level Super, Power, Basic and Public, but will not be able to access Admin app screens.

Base Permissions determines the read/write permissions of the role. Options include:

OrderRoleDescription
1Public
  • No permissions
2Read Only
  • Read data from queries, tables and views
3Read/Write
  • Read
  • Write to tables
  • POST queries
  • Trigger automations
4Power
  • Read/Write
  • Read from the Users table
5Admin