Forest Admin's Roles & Permissions feature provides administrators with a powerful tool to finely tune access controls on both read and write, including trigger actions, within the platform. This feature enables the creation of roles, each with a unique set of permissions, granting granular control over user actions. Whether it's defining data visibility through read actions or regulating data modification and trigger privileges, administrators can tailor access to align with the organization's specific needs. This flexibility ensures a secure and customized data management environment, allowing administrators to establish the ideal balance between collaboration and data protection.

Roles

Creating a new role in Forest Admin is a straightforward process. Begin by accessing the project settings and navigate to the Role tab. On the role creation page, you can easily name the role and assign users to it.

Additionally, Forest Admin simplifies role creation by offering the ability to copy permissions from an existing role when adding a new one. This accelerates the setup process, ensuring efficiency and consistency across roles without the need to recreate permissions from scratch.

Permissions

Clicking on a role grants access to its comprehensive set of permissions in Forest Admin. Initially, administrators can configure default permissions that apply to the role when creating a new action or collection. However, flexibility is key, as these default permissions can be overridden on a per-action and per-collection basis. This means that for each smart action and collection associated with the role, administrators can define specific permissions, tailoring access controls with precision to align with the unique requirements of the organization.

User permissions

Forest Admin user permissions are like roles given to users in Forest Admin. There are four levels: Admin, Editor, Developer, and User. These levels decide how much access and control users have over different parts of Forest Admin.

At the User level, people can use the admin panel but can't mess with project settings or the layout editor.

Editors have more privileges than Users. They can do everything Users can, plus use the Layout Editor Mode.

Developers can do almost everything Editors can, but not in the Production environment.

Admins have the highest level. They can access all settings in Forest Admin, including billing, roles, environments, users, and more. This gives them total control over Forest Admin's features and options.

Scope

In Forest Admin, Scopes are a key tool to control and limit what data users can access. By using Scopes strategically, you can customize the data display based on different factors, making the experience more personal and relevant.

For instance, you can set up a Scope to show data relevant to the user's geographical context, such as their country or city. This means users will only see information that matters to their location.

Example

Now, let's explore a common example to illustrate the practical use of Scopes. Imagine you're a salesperson working in a physical store in San Francisco. The goal is to filter the data so that this salesperson only sees orders from their San Francisco store and not from other cities.

To achieve this, you can associate a tag with the user named location and set its value to San Francisco. To do this, go to the Project settings, navigate to Users select the user, and assign the tag.

Next, return to the collection settings of your Order collection. Create a new Scope from the Scope tab and add a filter to it: city is {{currentUser.tags.location}}. This ensures that the data displayed is filtered based on the location tag associated with the current user, in this case, San Francisco. This way, the salesperson will only see orders relevant to their specific store location.