Permission groups and access rules
Learn about restricting user access with permission groups and access rules.
| Permission groups Availability | |||
|---|---|---|---|
| Cloud-hosted | Generally Available | ||
| Self-hosted (3.259 Edge) | Generally Available | ||
| Self-hosted (3.148 Stable and later) | |||
You can configure user permissions to restrict access to apps, resources, and workflows. You add users to permission groups that use access rules which determine what members can access.
Permission groups
A permission group is a list of users by which to restrict access. You add users to one or more groups and then configure the group's level of access. This applies the same permissions to all group members.
The Members tab lists all group members. You can use the default permission groups or create custom groups with more granular control.
Default permission groups
Retool includes a set of default permission groups depending on your organization's billing plan.
| Group | Description | Plan availability |
|---|---|---|
| All Users | The All users group automatically includes all current organization users. You cannot modify group membership directly, you must invite or delete organization users. You can, however, configure access rules for the All users group to set the default level of access for new users. | All plans. |
| Viewer | Users in the Viewer group have Use access for apps and workflows. They can use apps and run workflows but cannot make changes. Users cannot access resource configuration. | Business and Enterprise. |
| Editor | Users in the Editor group have Edit access for apps and workflows. They can use apps, run workflows, and make changes. Users can also write queries using resources and update their configuration. | Business and Enterprise. |
| Admin | Users in the Admin group have Own access to all apps, resources, workflows, and folders. Users have full access to organization-level settings. | Business and Enterprise. |
Custom permission groups
You can create additional permission groups and configure them with the granularity of access you require.
You can also designate group members as group admins to add or remove members for only that group. Group admins can view all users in your Retool organization but can only modify group membership.
Access rules
Retool applies access rules hierarchically. Access rules for folders do not apply to individual apps and workflows that have different rules.
There are three access rules in Retool: Use, Edit, and Own. These access rules are functionally similar across apps, resources, and workflows, but there are some slight differences. You can also apply access rules to all apps, workflows, or resources with Use all, Edit all, or Own all.
You can configure the following custom group access rules in the Apps, Resources, and Workflows tabs.
| Access | Apps | Workflows | Resources |
|---|---|---|---|
| Use | View and interact with the app. | View and run the workflow. | Run queries in apps and workflows. |
| Edit | Make changes to an existing app. | Make changes to an existing workflow. | Run and write queries with the resource. |
| Own | Rename, move, export, delete, and manage permissions of an existing app. | Rename, move, export, and delete an existing workflow. | Run and write queries, and edit the resource configuration. |
For organizations on the Enterprise plan, resource environment permissions are available on self-hosted Retool versions 3.18 and later, and Cloud versions 3.21 and later.
These versions introduced a Use permission for resources that allows users to run queries against the resource. This behavior is equivalent to the Edit permission in previous releases.
From the Resources tab, you can also configure resource permissions per environment. This is useful when access should differ by environment—for example, if production data is sensitive, you can give developers Edit access to only a resource's dev environment. By default, environment permissions inherit access levels from the resource.
Folder access rules
You can also configure access rules for app, resource, and workflow folders. These access rules set different permissions and are inherited by their contents.
| Access | App folders | Workflow folders | Resource folders |
|---|---|---|---|
| Use | View and interact with all apps in the folder. | View and run workflows in the folder. | Write queries in apps and workflows in the folder. |
| Edit | Create new apps and make changes to existing apps in the folder. | Create new workflows and make changes to existing workflows in the folder. | Write and edit queries against resources in the folder. |
| Own | Rename, move, export, and delete apps in the folder. | Rename, move, export, and delete workflows in the folder. | Create, rename, move, and edit resources in the folder. |
For a user to move an object to a different folder, they must have Own access to an object and either Edit or Own access on the folder.
Inheritance
Once configured, all new apps either created in or moved to the folder inherit its permissions.
Subfolders inherit the permissions of their parent folder. Users with Edit access to a folder are permitted to create subfolders within it.
Additional access rules
Permission groups also have additional access rules for other aspects of Retool. These include:
- Query Library: Whether users are restricted from accessing the Query Library, can edit queries, or use queries in apps.
- Settings page visibility: Whether users can view the Users settings and audit logs.
- Release versions: Whether users can access unpublished releases of an app.
You can only configure these additional access rules for custom groups.