
Restrict access with the current_user object

The current_user object contains metadata about the currently logged-in user. This includes groups, which contains a list of assigned permission groups. You can use this data to restrict access to certain components.

Hide or disable components for users and groups

You can include conditional checks that dynamically change the behavior of apps based on the user's group membership. For example, you could disable a button for members of a group named Marketing. To do this, set the Disabled value in the Inspector to:

{{current_user.groups.map(group => group.name).includes('Marketing')}}

Restrict access to certain data

You can also restrict access to database records by referencing current_user in queries. current_user.email is the email address of the user running the query and uniquely identifies that user.

For example, you could restrict access to an employees table that contains a manager field, populated with the manager’s email address, by referencing current_user.email:

SELECT
  *
FROM
  employees
WHERE
  manager = {{current_user.email}};

You can also reference current_user within a resource's configuration. For example, you can always include current_user.email in the request body. Retool organizations integrated with OpenID SSO providers also provide identification using current_user.metadata.idToken. This provides greater flexibility for restricting access.
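As an added example (not Retool's code), here is what a backend resource could do with current_user.email and current_user.metadata.idToken when both are sent in the request body: verify the OpenID ID token, then filter records by the verified email claim instead of trusting the body field alone. The body field names, issuer, audience, RS256 signing, the email claim, the key pair and the sample rows are all assumptions constructed for this example.

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins: a real service loads the SSO provider's public key (JWKS).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'https://sso.example.com'; // assumed issuer
const AUDIENCE = 'retool-client-id';      // assumed OpenID client ID
const EMPLOYEES = [                       // constructed rows, shaped like the employees table
  { name: 'Ana', manager: 'lee@example.com' },
  { name: 'Raj', manager: 'kim@example.com' },
  { name: 'Eve', manager: 'lee@example.com' },
];
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Demo helper only: mints a token the way the SSO provider would.
function signIdToken(claims, key = privateKey) {
  const input = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), key).toString('base64url')}`;
}

// Check structure, algorithm, signature, issuer, audience and expiry; return the claims.
function verifyIdToken(token, key, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  const audiences = [].concat(claims.aud); // aud may be a string or an array
  if (claims.iss !== ISSUER || !audiences.includes(AUDIENCE)) throw new Error('wrong issuer or audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

// Hypothetical handler. Assumed body: { email: current_user.email, idToken: current_user.metadata.idToken }
function listReports(body) {
  const claims = verifyIdToken(body.idToken, publicKey);
  if (claims.email !== body.email) throw new Error('email does not match token');
  // Filter on the verified claim, never on the unverified body field.
  return EMPLOYEES.filter((row) => row.manager === claims.email).map((row) => row.name);
}
```

The handler rejects a request whose body email differs from the token's email claim, and a token whose payload was edited after signing fails the signature check.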

See the Row-level security page for information on limiting access to database records.