Restrict access with the current_user object
Use the current_user object to filter query results, control component visibility, and implement row-level security in Retool apps.
The current_user object is a global available in every Retool app that contains data about the currently signed-in user. You can reference it in queries, component properties, and JavaScript to filter data, restrict UI access, and implement row-level security.
Available properties
| Property | Type | Description |
|---|---|---|
current_user.id | number | Unique user ID within your Retool organization. |
current_user.email | string | User's email address. Unique per organization. |
current_user.firstName | string | null | User's first name. |
current_user.lastName | string | null | User's last name. |
current_user.fullName | string | Computed full name. |
current_user.profilePhotoUrl | string | null | URL of the user's profile photo. |
current_user.groups | Array<{ id: number; name: string }> | Groups the user belongs to. |
current_user.metadata | Record<string, unknown> | Custom attributes set by an admin. See User metadata. |
current_user.locale | string | User's locale preference (e.g., en). |
current_user.externalIdentifier | string | null | Identifier for external users in Retool Embed. |
For the full object reference, see current_user.
Filter query results by user
The most common use of current_user is filtering database queries so users only see records they're authorized to access.
Filter by email
Use current_user.email to return records owned by or assigned to the current user:
SELECT *
FROM tickets
WHERE assigned_to = {{current_user.email}};
Filter by user ID
Use current_user.id when your database stores Retool user IDs:
SELECT *
FROM reports
WHERE owner_id = {{current_user.id}};
Filter by group membership
Use current_user.groups to restrict results based on which groups a user belongs to. Each entry in the array has id and name properties:
// In a JavaScript query or transformer
const groupNames = current_user.groups.map(g => g.name);
return groupNames.includes('Finance');
You can also use group IDs directly in SQL using a subquery or parameterized list.
Filter by metadata
Use current_user.metadata to store and reference custom attributes, such as a region, department, or client ID, that don't map neatly to groups:
SELECT *
FROM accounts
WHERE region = {{current_user.metadata.region}};
Admins set user metadata from Settings > Users. See User metadata.
Control component visibility
Reference current_user in component visibility or disabled conditions to show or hide UI elements based on who is signed in.
Example: hide a button for non-admins:
In the button's Hidden property:
!current_user.groups.map(g => g.name).includes('Admin')
Example: show a section only for a specific user:
current_user.email !== 'finance-lead@acme.com'
Include current_user in resource authentication
You can reference current_user in a resource's authentication configuration. For example, include it in a REST API request header so the downstream service can enforce its own access controls:
Authorization: Bearer {{current_user.metadata.apiToken}}
Retool organizations using OpenID Connect SSO can also use current_user.metadata.idToken to pass the user's identity token to external services.
User metadata
Metadata is a set of custom key-value attributes that admins assign to users. It is useful for storing attributes that aren't modeled as Retool groups, for example, a cost center code, a region, a tier, or an external system ID.
To set metadata for a user, navigate to Settings > Users, select a user, and edit their User attributes.
Metadata values are computed server-side and cannot be modified by users themselves.
Security
current_user values are computed server-side from the authenticated session and injected into query parameters before execution. When spoofing prevention is enabled for your organization, Retool validates that any current_user value submitted by the client matches the server-computed value; if they differ, the query is rejected with an error. This means users cannot manipulate current_user values in query parameters to access records they shouldn't see.
Row-level security using current_user filters what data is returned to the user; it is not a substitute for database-level access controls. For defense in depth, consider enforcing access at the database layer as well.
Workflows
In workflows, current_user is only available in Start trigger blocks. It reflects the user who triggered the workflow manually or from an app. For scheduled or webhook-triggered workflows, current_user is null unless your organization has enabled workflow user context.
Retool Embed (external users)
For external users in Retool Embed, current_user.externalIdentifier contains the identifier passed when the embed session was created. Standard properties like email and groups may be null depending on how the embed is configured. Use externalIdentifier to map external users to records in your own system.
Related
current_userobject reference: Full property reference.- Row-level security: Broader patterns for restricting data access in queries.