I am curious, is there a way to secure a data collection internally so that only certain users can view it? I would like to have other users able to log in to the backend of my app to make updates while not being able to view certain sensitive data collections surrounding personal information and financials.
Adalo doesn’t currently support restricting access to collections inside the editor itself; anyone with editor access can see all collections.
Usually, the best approach is to handle this at the app level, not the editor level, by creating an admin dashboard with role-based access, where different users can log in and only see or edit the data they’re allowed to.
This way, you can choose what to show or hide from the users without needing full editor access for everyone.
@gtatcpi in addition to @Ali-Bazzi’s answer: in addition to the app-level logic, you can use Collections Permissions (Collection Permissions | Adalo Resources) to ensure that no extra unneeded data is returned to the app, even in case of a mistake in the logic.
An example: imagine a collection of Payments, where each payment belongs to a certain user. In the app you can add a list of Payments and filter them by logged-in user, so only relevant payments are displayed.
However, imagine that you’ve made a mistake and forgot to use this filter on one of these lists. Without collection permissions, the list will display all payments.
But with collection permissions (if you set it in a way that only some logged-in users can view, and select user-payment-owner), no records which do not belong to the logged-in user will be returned from the backend.
Collections Permissions could be a bit tricky to set up; they are not very advanced and have limitations, but it could be a good start to provide some basic level of security. If you store really sensitive data, then you might want to think about using a different backend.
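The Payments scenario from the answer above, as an added example that is not part of the original thread and is not Adalo's code or API: a small Python model of a backend with and without an owner-only rule, queried by one screen that applies the logged-in-user filter and one that forgot it. All names (`Backend`, `screen_missing_filter`, the sample payments) are hypothetical and the data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Payment:
    id: int
    owner_id: int
    amount_cents: int


# Constructed sample data: users 1 and 2 each own two payments.
PAYMENTS = [Payment(1, 1, 1200), Payment(2, 2, 9900),
            Payment(3, 2, 450), Payment(4, 1, 3100)]


class Backend:
    """Hypothetical backend; owner_only models a 'record owner only' view rule."""

    def __init__(self, records, owner_only):
        self._records = list(records)
        self.owner_only = owner_only

    def list_payments(self, session_user_id):
        if not self.owner_only:
            return list(self._records)   # no rule: every record leaves the backend
        if session_user_id is None:
            return []                    # rule on, nobody logged in: nothing
        return [p for p in self._records if p.owner_id == session_user_id]


def screen_with_filter(backend, user_id):
    # App-level logic done correctly: list filtered by the logged-in user.
    return [p for p in backend.list_payments(user_id) if p.owner_id == user_id]


def screen_missing_filter(backend, user_id):
    # The mistake described above: the filter was forgotten on this list.
    return backend.list_payments(user_id)


def leaked_ids(rows, user_id):
    # Records shown to user_id that belong to someone else.
    return sorted(p.id for p in rows if p.owner_id != user_id)


OPEN = Backend(PAYMENTS, owner_only=False)
RESTRICTED = Backend(PAYMENTS, owner_only=True)

if __name__ == "__main__":
    for name, backend in (("open", OPEN), ("restricted", RESTRICTED)):
        rows = screen_missing_filter(backend, 1)
        print(name, "-> other users' payments shown:", leaked_ids(rows, 1))
```
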