Configure permission groups
Learn how to restrict access to apps and resources.
Custom permission groups are not available on the Free and Team plans.
Organization admins can use permission groups to restrict users from accessing certain apps, workflows, or connected resources.
App owners and admins can also use direct sharing to share apps with users, independent of permission groups.
Manage permission groups
You can manage permission groups in the Permissions settings for your organization. You can use built-in permission groups or create your own custom groups.

Default groups
The default groups and permissions differ depending on the plan your organization uses. All pricing plans have Admin and All Users groups. Business and Enterprise plan users have more granular control over groups, and can create their own custom groups.
Free and Team plans
The following built-in permission groups cannot be modified or removed, and the access levels cannot be changed.
Group | Apps | Resources | Workflows |
---|---|---|---|
All Users | Edit | Own | Edit |
Admin | Own | Own | Own |
Business and Enterprise plans
The following built-in permission groups cannot be modified or removed. These are preconfigured with default permission levels, which can be updated by an admin.
Group | Apps | Resources | Workflows |
---|---|---|---|
All Users | None | None | None |
Viewer | Use | Use | Use |
Editor | Edit | Own | Edit |
Admin | Own | Own | Own |
For organizations created before Retool version 3.259.0, the All Users group had Edit access to apps and workflows, and Use access to resources. Read more in the changelog entry.
Create a custom group
Custom permission groups are limited to Business and Enterprise plans.
Click Add new members to add users to the group. You can search the list of users and select multiple users to add. Click Select all to select all users currently visible, then click Add to group.
To remove a user:
- Hover the cursor over the specified user.
- Click the ••• button to open the contextual menu.
- Select Remove from group.
Configure permission groups for a user
You can configure the permission group membership for individual users from the Users organization settings. This page lists all enabled users in your Retool organization and the permission groups of which they are a member. You can search and filter users by different criteria, such as name or last active.
Select a user from the list to display their details. The Permissions section lists the groups they belong to, along with the apps, resources, and workflows they can access.
Click Groups to modify group membership. You can add groups to the list by entering the group name. The groups list autocompletes and also presents a dropdown menu of groups to select from.
Configure access rules for a permission group
Permission groups use access rules that determine the apps, resource configurations, and workflows that members can access. Access rules can also apply to the folders in which these are organized.
Select the Apps, Resources, Workflows, or Agents tab to configure their respective access rules. The Select type option lets you either configure access individually or apply Use all, Edit all, or Own all.
Folder permissions are inherited. Giving a user Edit access to a folder will also give that user Edit access to all of the items within that folder.
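When reviewing groups for least privilege, it helps to see which items a user reaches only through a folder rule. The following is an added example, not Retool code or a Retool API: it models the access levels and folder inheritance described above over constructed sample data. It assumes the levels are ordered None < Use < Edit < Own, that a user in several groups gets the highest level any group grants, and that inheritance also passes through nested folders; the groups "Support" and "Payroll Owners" and all folder and app names are hypothetical.

```python
# Added example: a small model of access rules with folder inheritance.
# Assumptions (not taken from the page): None < Use < Edit < Own, the highest
# level across a user's groups wins, and nested folders inherit as well.
LEVELS = ["None", "Use", "Edit", "Own"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Constructed sample data: item or folder -> containing folder (None = top level).
PARENT = {
    "Finance": None,
    "Finance/Payroll": "Finance",
    "payroll-app": "Finance/Payroll",
    "status-app": None,
}

# Constructed access rules: group -> {folder or item: level}.
RULES = {
    "Viewer": {"status-app": "Use"},
    "Support": {"Finance": "Edit"},
    "Payroll Owners": {"payroll-app": "Own"},
}

def group_access(group, item):
    """Level one group grants on item, and the rule target that granted it."""
    rules = RULES.get(group, {})
    best, source = "None", None
    node = item
    while node is not None:  # walk item -> folder -> parent folder
        level = rules.get(node, "None")
        if RANK[level] > RANK[best]:
            best, source = level, node
        node = PARENT.get(node)
    return best, source

def effective_access(groups, item):
    """Highest level across all of a user's groups: (level, group, source)."""
    best = ("None", None, None)
    for group in groups:
        level, source = group_access(group, item)
        if RANK[level] > RANK[best[0]]:
            best = (level, group, source)
    return best

def inherited_grants(groups, min_level="Edit"):
    """Items where access at or above min_level comes only from a folder rule."""
    found = []
    for item in PARENT:
        level, group, source = effective_access(groups, item)
        if source not in (None, item) and RANK[level] >= RANK[min_level]:
            found.append((item, level, group, source))
    return found
```

Calling `inherited_grants` with a user's group list returns the items to review before granting Edit or Own on a folder, since each one is reachable without a rule of its own.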
