Skip to main content
Version: 3.1.0-Beta 🚧

Permissions in ToolJet

Permissions in ToolJet determine what actions users can perform and what resources they can access within a workspace. ToolJet uses a Role-Based Access Control (RBAC) system to manage these permissions efficiently.

User Roles​

ToolJet has three default user roles, each with different levels of access:

  1. Admin: Full access to manage the workspace, including users, groups, and all resources.
  2. Builder: Can create and edit apps, data sources, and other resources.
  3. End-user: Can only view and use apps they have been given access to.

Groups​

  • Default Groups: Correspond to the user roles - Admin, Builder, and End-user.
  • Custom Groups: Can be created to assign specific permissions to sets of users.
info

For detailed information on Users and Groups, refer to the Managing Users and Groups documentation.

Permission Levels​

Permissions can be set at two levels: workspace-level and granular level. This allows for both broad and fine-grained control over user access.

Workspace-Level Permissions​

Workspace-level permissions apply broadly to all resources of a particular type within the workspace. These are set in the Permissions tab of each user group.

For each resource type, different levels of permissions can be set:

  • Apps:
    • Create: Allows users to create new apps.
    • Delete: Allows users to delete apps.
  • Data Sources:
    • Create: Allows users to create new data source connections.
    • Delete: Allows users to delete data source connections.
  • Folders:
    • Create/Update/Delete: Allows users to create, update, or delete folders.
  • Workspace Constants/Variables:
    • Create/Update/Delete: Allows users to create, update, or delete workspace-level constants/variables.
Workspace Level Permissions

Granular Access Permissions​

For more fine-grained control, administrators can set permissions for individual apps and data sources in the Granular Access tab of each user group.

Granular Access

App-level Permissions:​

  • Permissions:
    • View: Allows users to view and use the specific apps.
    • Edit: Allows users to modify the specific apps in the app builder.
  • Resources: Customize what apps that users can access.
    • All Apps: Allows users to access all apps.
    • Custom: Allows users to access specific apps.
App Level Permissions

Data Source Permissions:​

  • Permissions:
    • Configure: Allows users to configure the specific data source.
    • View: Allows users to view the specific data source.
  • Resources: Customize what data sources that users can access.
    • All Data Sources: Allows users to access all data sources.
    • Custom: Allows users to access specific data sources.
Data Source Permissions

Inheritance and Overrides​

  • Users inherit permissions from their assigned role and any custom groups they belong to.
  • Adding users to custom groups with higher permissions than their current role will automatically upgrade their user role to match the higher access level.
  • If a user’s role is downgraded to one with lower permissions, they will automatically be removed from any custom groups that provided higher access than their new role allows.
  • When a user belongs to multiple groups, they receive the highest level of permission granted by any of their groups.