Great video. Thank you. I’ve been struggling to understand the concept of privacy rules as well as privacy rules when it comes to groups of users (SaaS customers) and this video was certainly very helpful.
Love it! We need more advanced strategy for SaaS type of tutorials. Maybe you can expand on this example with rules like the owner of the SaaS account can: -Add other team members to the account using User Roles with different permissions. -User Roles Permissions like who else can add, edit, delete members, but can never delete the SaaS account owner. -User Roles that can access only certain type of data to edit or delete.
Thanks, much appreciated. Some good ideas for future videos :) Don't forget to check out the part 2 of this as well : ua-cam.com/video/_DKEXFZJU-M/v-deo.html
Thanks Tim. Using this method, the core separator between SaaS customers is the SaaSAccount type and each user must be assigned a SaaSAccount. For sign-up you would give them a basic sign-up form - first name, last name, email and, if it's a B2B type system, a business or company name. In the workflow to sign the user up, you would also create a SaaSAccount thing and assign that SaaSAccount to the user that you're signing up. This way, whenever the user logs in, the privacy rules automatically handles only serving up their data. For multi-user, I would set up a mechanism where the user that initially signs up & creates their SaaSAccount, can invite other people to join. That's a whole subject in it's own right and I have an approach that I use that I may well share in a future video. In the meantime this might be useful : ua-cam.com/video/FXZzG6VRGEc/v-deo.html
Brilliant explanation and video, the best info on the subject I have seen and something I would have thought would be explained a little... but hey, thanks! Data segregation is critical to multi tenant saas project where you would like to sell subscription to multiple businesses (with multiple users of each separate account). would you see any reason to apply moth methods at the same time? I mean you can never be too cautions with this kind of thing...
Hey, thanks for the feedback and kind comments, much appreciated. I probably wouldn't use both methods together as you're just repeating what Bubble is doing behind the scenes and that can only have an effect on performance. If you're thinking that doing both would put a "double-lock" in place, not really as Bubble does the work and it works brilliantly well, it just requires a bit of forethought with structuring the data and how your rules work which is never a bad thing. Where I do use my own constraints on searches rather than Bubble's privacy rules is where I need more control, once they're in privacy rules you've kinda lost any flexibility, which in a security situation is good, but sometimes you just need to be able to get at some data without something else getting in your way. A good example for this would be building your own SaaS Customer portal or dashboard where you need access to data regardless of a user's constraints. Although it is a last resort and I'll always try to structure the data to work with privacy rules rather than go against them if it's at all possible. If you can get Bubble to automate it then it's the better option. Hope that helps.
@@nocodecoder4160 thanks for the reply and I will take the advice on board for what I am developing now. I love the bubble community it's refreshing in the help offered by so many. You explain things well, keep up the good work when you have time 👌
Thanks for this! Searched high and low for a succinct explanation. Exactly what I was after. My understanding of your example is that Companies and SaasAccounts are a one to one relationship. Can this set up be used for the case where you have multiple companies to a SaasAccount? I.e. I want to be able a SaasAccount admin to be able to create multiple Companies per SaasAccount. Does your setup need to be modified to achieve this?
Many thanks for your feedback. Yes, that's precisely what I do in my business apps, enable multiple companies within a single SaaS account - I didn't want to muddy the waters in the video by going into that. It works largely the same, depending on what you want to enable the user to do. So in a basic example you would simply have a Company data type which has a SaaSAccount field to link to the main SaaS Account that it's assigned to. On each data type, rather than a SaaSAccount field you would have a Company field and you would setup your privacy rules around Company rather than SaaSAccount. It gets a little more involved as obviously a user's SaaSAccount never changes but the Company they want to use can of often will change. Also you won't be be able to set the current Company that they're using for the session on a Custom State as privacy rules don't allow you to reference custom states. The way I do that is just to have a field on the User data type for Current Company. When they open the app I ask them which company they want to use and write that back to the Current User's Current Company field and then in the privacy rules check for 's Company is Current User's Current Company. If you want the user to see the data from multiple companies at the same time such as for consolidation then that gets a bit more involved but is very doable with privacy rules provided the data structures are setup correctly. I hope that helps. If there's anything you'd like me to cover in another video please let me know.
@@nocodecoder4160 thanks! Would love to see this in a video at some point. Do you have or know of any resources that provide an example that I could follow?
Thanks so much - this is by far the easiest and most well thought through video I have found on this topic so thank you! I have very easily implemented the privacy rules to my data types as you showed, but the one thing I am stuck on is how do I link the saas account number to other data types so they automatically appear on creation? I have added 'SaaS account' to all the data types so it appears as a field but it is currently not displaying my data because the SaaS account number isn't being added to each data type. Is there a way to do this automatically? My gut says I need to add a workflow step that adds the SaaS account number to the Current User’s new board or task etc. any idea how to do this?
Thank you for your kind comments, am glad you found it useful. Yes you would need to add a field for SaaSAccount to every data type that you need to separate data between your end/SaaS customer accounts. You would then need to "Set another field" whenever you're creating a "thing" for each data type, and you'd use the Current User's SaaSAccount as the value. So in the Workflow where you're creating a new board for example, you would add it just as another field to the board. The user's SaaSAccount should be set when the user is first created and should never change so that the data being shown is always the current user's SaaSAccount and when you're creating new records you can be assured that the Current User's SaaSaccount is always the correct one. In terms of adding SaaSAccount as a new field to types with lots of existing data and you need to fill the existing data with the relevant SaaSAccount then you'd need to use API workflows for that which will require at least Bubble's Personal Plan. I hope that helps you.
Thanks. Not really doing Bubble stuff any more and certainly not using it for backend operations like database. Prefer Toddle or Weweb for front-end and now use Xano or Supabase for databases.
From my experience, no it doesn't make any difference. Bubble will check all the rules defined for a data type to determine what the user can access. It is important to know that Bubble applies a "least restrictive" policy which means if you have two rules, one giving the user more access to a record than another then that will trump the one giving it less access eg you have a field for Salary, the user matches one rule which denies the user access to the field but the user also matches another rule that does grant access to that field - Bubble will use the least restrictive rule and grant access for the user to see the Salary field, again though the order that these rules are defined doesn't have any consequence. I hope that helps.
@No Code Coder This is amazing, but I do not get the SaaSAccount ID # when the user sign up? Also, I do not see the steps of doing that either. Could you please show how to get. Thanks.
You have to create the new SaaSAccount before the action step to sign the user up. You then assign the result of the step that you created the SaaSAccount to the SaaSAccount field in the user sign up step. Hope that helps.
@@toogoodtobefalse Thanks for your message. Not that I know of, you can check out the follow-up video that I made regarding breaking it down by different organisations within a SaaSAccount/Subscription here which may help : ua-cam.com/video/xbixw-cb2jc/v-deo.html . I no longer develop with Bubble so won't be making any more content on it, it's no longer the best no-code/visual development tool/stack for developing apps IMHO. Check out Toddle and Xano as a fantastic visual development stack. I made a Toddle beginners tutorial which you can watch here if you're interested : ua-cam.com/video/ICTzRosXYec/v-deo.html
Excellent, I had cross contamination and after watching your video I figured out the issue! Thanks!
Excellent video, was just about to start going through all my searches, workflows etc to do the first method. So glad I watched this now
Great video. Thank you. I’ve been struggling to understand the concept of privacy rules as well as privacy rules when it comes to groups of users (SaaS customers) and this video was certainly very helpful.
Great to hear you found this useful, appreciate the feedback. If there's anything else that you'd like me to cover or expand on please let me know.
Excellent introduction to privacy rules. Many thanks!
Love it! We need more advanced strategy for SaaS type of tutorials.
Maybe you can expand on this example with rules like the owner of the SaaS account can:
-Add other team members to the account using User Roles with different permissions.
-User Roles Permissions like who else can add, edit, delete members, but can never delete the SaaS account owner.
-User Roles that can access only certain type of data to edit or delete.
Thanks, much appreciated. Some good ideas for future videos :) Don't forget to check out the part 2 of this as well : ua-cam.com/video/_DKEXFZJU-M/v-deo.html
This is the best video that explains this topic. Apprecite it!!
Fkin loved it. cudnt undrstand the concept at all but this one video has made me an expert in privacy. THANK YOU!
Excellent video tutorial making it a lot simpler to understand applying the privacy rules.
Been loking for turotials on this topic, thank you for sharing
No stone left unturned. We'll done.. thank you!
Thank you this was very helpful.. I been doing it wring... using constrains
Awesome video, thank you. I am wondering how you are handling signup for multi-tenant scenarios?
Thanks Tim. Using this method, the core separator between SaaS customers is the SaaSAccount type and each user must be assigned a SaaSAccount. For sign-up you would give them a basic sign-up form - first name, last name, email and, if it's a B2B type system, a business or company name. In the workflow to sign the user up, you would also create a SaaSAccount thing and assign that SaaSAccount to the user that you're signing up. This way, whenever the user logs in, the privacy rules automatically handles only serving up their data. For multi-user, I would set up a mechanism where the user that initially signs up & creates their SaaSAccount, can invite other people to join. That's a whole subject in it's own right and I have an approach that I use that I may well share in a future video. In the meantime this might be useful : ua-cam.com/video/FXZzG6VRGEc/v-deo.html
Brilliant explanation and video, the best info on the subject I have seen and something I would have thought would be explained a little... but hey, thanks!
Data segregation is critical to multi tenant saas project where you would like to sell subscription to multiple businesses (with multiple users of each separate account).
would you see any reason to apply moth methods at the same time? I mean you can never be too cautions with this kind of thing...
Hey, thanks for the feedback and kind comments, much appreciated. I probably wouldn't use both methods together as you're just repeating what Bubble is doing behind the scenes and that can only have an effect on performance. If you're thinking that doing both would put a "double-lock" in place, not really as Bubble does the work and it works brilliantly well, it just requires a bit of forethought with structuring the data and how your rules work which is never a bad thing. Where I do use my own constraints on searches rather than Bubble's privacy rules is where I need more control, once they're in privacy rules you've kinda lost any flexibility, which in a security situation is good, but sometimes you just need to be able to get at some data without something else getting in your way. A good example for this would be building your own SaaS Customer portal or dashboard where you need access to data regardless of a user's constraints. Although it is a last resort and I'll always try to structure the data to work with privacy rules rather than go against them if it's at all possible. If you can get Bubble to automate it then it's the better option. Hope that helps.
@@nocodecoder4160 thanks for the reply and I will take the advice on board for what I am developing now.
I love the bubble community it's refreshing in the help offered by so many.
You explain things well, keep up the good work when you have time 👌
excellent video, thanks for sharing your knowledge
Really great information!
Superb video, thanks very much....
I'm wrong. you're right thanks for teaching me something.
Thanks for this! Searched high and low for a succinct explanation. Exactly what I was after. My understanding of your example is that Companies and SaasAccounts are a one to one relationship. Can this set up be used for the case where you have multiple companies to a SaasAccount? I.e. I want to be able a SaasAccount admin to be able to create multiple Companies per SaasAccount. Does your setup need to be modified to achieve this?
Many thanks for your feedback. Yes, that's precisely what I do in my business apps, enable multiple companies within a single SaaS account - I didn't want to muddy the waters in the video by going into that. It works largely the same, depending on what you want to enable the user to do. So in a basic example you would simply have a Company data type which has a SaaSAccount field to link to the main SaaS Account that it's assigned to. On each data type, rather than a SaaSAccount field you would have a Company field and you would setup your privacy rules around Company rather than SaaSAccount. It gets a little more involved as obviously a user's SaaSAccount never changes but the Company they want to use can of often will change. Also you won't be be able to set the current Company that they're using for the session on a Custom State as privacy rules don't allow you to reference custom states. The way I do that is just to have a field on the User data type for Current Company. When they open the app I ask them which company they want to use and write that back to the Current User's Current Company field and then in the privacy rules check for 's Company is Current User's Current Company. If you want the user to see the data from multiple companies at the same time such as for consolidation then that gets a bit more involved but is very doable with privacy rules provided the data structures are setup correctly. I hope that helps. If there's anything you'd like me to cover in another video please let me know.
@@nocodecoder4160 thanks! Would love to see this in a video at some point. Do you have or know of any resources that provide an example that I could follow?
Thanks so much - this is by far the easiest and most well thought through video I have found on this topic so thank you!
I have very easily implemented the privacy rules to my data types as you showed, but the one thing I am stuck on is how do I link the saas account number to other data types so they automatically appear on creation? I have added 'SaaS account' to all the data types so it appears as a field but it is currently not displaying my data because the SaaS account number isn't being added to each data type.
Is there a way to do this automatically? My gut says I need to add a workflow step that adds the SaaS account number to the Current User’s new board or task etc. any idea how to do this?
Thank you for your kind comments, am glad you found it useful. Yes you would need to add a field for SaaSAccount to every data type that you need to separate data between your end/SaaS customer accounts. You would then need to "Set another field" whenever you're creating a "thing" for each data type, and you'd use the Current User's SaaSAccount as the value. So in the Workflow where you're creating a new board for example, you would add it just as another field to the board. The user's SaaSAccount should be set when the user is first created and should never change so that the data being shown is always the current user's SaaSAccount and when you're creating new records you can be assured that the Current User's SaaSaccount is always the correct one. In terms of adding SaaSAccount as a new field to types with lots of existing data and you need to fill the existing data with the relevant SaaSAccount then you'd need to use API workflows for that which will require at least Bubble's Personal Plan. I hope that helps you.
@@nocodecoder4160 thanks so much - your suggestion has fixed it!
Very good video - please release paid help for such vidoes and more advanced videos
Thanks. Not really doing Bubble stuff any more and certainly not using it for backend operations like database. Prefer Toddle or Weweb for front-end and now use Xano or Supabase for databases.
Does the order of privacy rules make a difference?
From my experience, no it doesn't make any difference. Bubble will check all the rules defined for a data type to determine what the user can access. It is important to know that Bubble applies a "least restrictive" policy which means if you have two rules, one giving the user more access to a record than another then that will trump the one giving it less access eg you have a field for Salary, the user matches one rule which denies the user access to the field but the user also matches another rule that does grant access to that field - Bubble will use the least restrictive rule and grant access for the user to see the Salary field, again though the order that these rules are defined doesn't have any consequence. I hope that helps.
@@nocodecoder4160 Great to know. Thank you for these videos. They are the absolute best on youtube right now
@No Code Coder This is amazing, but I do not get the SaaSAccount ID # when the user sign up? Also, I do not see the steps of doing that either. Could you please show how to get. Thanks.
You have to create the new SaaSAccount before the action step to sign the user up. You then assign the result of the step that you created the SaaSAccount to the SaaSAccount field in the user sign up step. Hope that helps.
@@nocodecoder4160 Is there a video that you can point us to that does this?
@@toogoodtobefalse Thanks for your message. Not that I know of, you can check out the follow-up video that I made regarding breaking it down by different organisations within a SaaSAccount/Subscription here which may help : ua-cam.com/video/xbixw-cb2jc/v-deo.html . I no longer develop with Bubble so won't be making any more content on it, it's no longer the best no-code/visual development tool/stack for developing apps IMHO. Check out Toddle and Xano as a fantastic visual development stack. I made a Toddle beginners tutorial which you can watch here if you're interested : ua-cam.com/video/ICTzRosXYec/v-deo.html
@@nocodecoder4160 Thanks! That is very helpful - I will check it out. Your videos are great! Thanks for making them!