User permissions

Learn how to control how much access users have to your Retool apps and resources using Granular Permissions.

As an admin of Retool you can use Permission Groups to control which users have access to which apps and resources. See Inviting users and authentication to learn how to invite users to Retool.

If you can't see Organization Settings > Permissions your account is not an admin and will not be able to perform the tasks described in this guide.


Granular Permissions

User specific permissions are only available on the Pro or Enterprise plans. Without granular permissions, all accounts will have the same access to editing apps and resources.

Figure 1. Organization Settings > Permissions.

"All Users" Global permissions settings

All Retool user accounts are added to the All Users group when first created. This is a global permissions setting that applies to all users. You can edit the permissions of the All Users group so that new users only have edit permissions on apps and queries or resources when invited.


If you do not want new users to automatically have editing permissions, you must change the default settings of the All Users group using the Granular Permissions feature available on Pro or Enterprise plans.

Available Permissions

Icons for 'own', 'edit', 'use', and 'no access' app permission levels

App Permissions

Own: Rename and delete the app, and all Edit level permissions
Edit: Make changes to components, temporary states, transformers, and all queries that are for resources that the user has access to
Use: Open the app in end-user mode only
No Access: Hide the app from users in the selected group anywhere in Retool, no access to open the app.

Resource Permissions

You can allow a custom user group access to any created APIs, Databases, or Integration resources. Resources that a group does not have access to will be hidden from those users in the resource page and inside the editor.

Query Library Access

This setting gives a user group access to the Query Library. They will be able to create new shared queries and see existing ones for any resource their group has access to.

Resource and Query Library permissions

Default Groups

  • A viewer can use all apps.
  • An editor can use and edit all apps and can write queries against all resources when editing an app.
  • An admin can use all apps, edit them, write queries against all resources, invite users, and change user permissions. The first user who signs up for Retool is in the admin group by default.

When using the on-premise version of Retool, an admin must invite users. Anyone who joins via SSO without an invite is assigned no permissions by default. For more information see On-premise.

When using the cloud version of Retool, anyone who joins via Google SSO without an invite is assigned as a viewer by default. For more information see Cloud.

Creating a custom permission group

  1. Open Organization Settings > Permissions.
  2. Click Create New Group.
  3. Give the new group a name.

Figure 2. Creating a new group called My New Group.

  1. Click Create.
  2. Click the row containing your new group in order to select it. The Group Details section shows more information about your new group.
  3. Use Group Details > Apps to control how much access the group has to each app.

Figure 3. Using Group Details > Apps to specify that the My New Group group should have edit access to Map, and view access to Sample GSheets App.

  1. Use Group Details > Resources to control which resources the group can write queries using when an app is in edit mode. If you would like the group to have no resource editing permissions, set this section to Can't create queries

Figure 4. Using Group Details > Resources to specify that the My New Group group should be able to write queries against the onboarding_db (edit),management_db , and Sample GSheets resources.

  1. To give a user access to the Query Library, toggle the Query Library Access option below the Writing queries section. Users will only be able to create queries in the query library using resources that they have access to.
  2. Click Save to confirm your changes.

Adding Users to Groups

Edit a single user's groups

  1. Open Settings > Users.
  2. Click the user whose groups you want to edit. Retool highlights the user's row to indicate that it's selected. The User Details pane shows more information about that particular user.

Figure 5. Viewing the User Details for the Awesome Intern user.

  1. Use the Permissions Groups text box to edit the user's groups.

Edit which users belong to a group

You can also edit which users are inside of a group from the Permissions tab. When a group is selected, all of the users included in that group are shown in the Users section.

  1. Open Settings > Permissions.
  2. Click the group that you want to edit. Retool highlight's the row blue to indicate that it's selected. The Group Details pane shows more information about that particular group.

Figure 6. Viewing the Group Details for the editor group.

  1. Enable the checkbox next to a user's name in Groups Details > Users to add that user to that group. Disable the checkbox to remove that user from that group.

Add users to a group during invitation

When inviting users to Retool, click Add Group and then specify which groups they belong to in the Groups to add invited members to text box.

Figure 7. Adding three new users to the viewer group when inviting them.

Updated about a year ago

User permissions

Learn how to control how much access users have to your Retool apps and resources using Granular Permissions.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.