Skip to main content
Version: 3.0.0-LTS

Permissions in ToolJet

Permissions in ToolJet determine what actions users can perform and what resources they can access within a workspace. ToolJet uses a Role-Based Access Control (RBAC) system to manage these permissions efficiently.

User Roles

ToolJet has three default user roles, each with different levels of access:

  1. Admin: Full access to manage the workspace, including users, groups, and all resources.
  2. Builder: Can create and edit apps, data sources, and other resources.
  3. End-user: Can only view and use apps they have been given access to.

Groups

  • Default Groups: Correspond to the user roles - Admin, Builder, and End-user.
  • Custom Groups: Can be created to assign specific permissions to sets of users.
info

For detailed information on Users and Groups, refer to the Managing Users and Groups documentation.

Permission Levels

Permissions can be set at two levels: workspace-level and granular level. This allows for both broad and fine-grained control over user access.

Workspace-Level Permissions

Workspace-level permissions apply broadly to all resources of a particular type within the workspace. These are set in the Permissions tab of each user group.

For each resource type, different levels of permissions can be set:

  • Apps:
    • Create: Allows users to create new apps.
    • Delete: Allows users to delete apps.
  • Data Sources:
    • Create: Allows users to create new data source connections.
    • Delete: Allows users to delete data source connections.
  • Folders:
    • Create/Update/Delete: Allows users to create, update, or delete folders.
  • Workspace Constants/Variables:
    • Create/Update/Delete: Allows users to create, update, or delete workspace-level constants/variables.
Workspace Level Permissions

Granular Access Permissions

For more fine-grained control, administrators can set permissions for individual resources in the Granular Access tab of each user group.

Granular Access

App-level Permissions:

  • Permissions:
    • View: Allows users to view and use the specific apps.
    • Edit: Allows users to modify the specific apps in the app builder.
  • Resources: Customize what apps that users can access.
    • All Apps: Allows users to access all apps.
    • Custom: Allows users to access specific apps.
App Level Permissions

Data Source Permissions:

  • Permissions:
    • Configure: Allows users to configure the specific data source.
    • View: Allows users to view the specific data source.
  • Resources: Customize what data sources that users can access.
    • All Data Sources: Allows users to access all data sources.
    • Custom: Allows users to access specific data sources.
Data Source Permissions

Inheritance and Overrides

  • Users inherit permissions from their assigned role and any groups they belong to.
  • Custom group permissions can override default role permissions.
  • When a user belongs to multiple groups, they receive the highest level of permission granted by any of their groups.