Using Privacy Rules in Bubble - Separate SaaS customer data

Great to hear you found this useful, appreciate the feedback. If there's anything else that you'd like me to cover or expand on please let me know.

Thanks, much appreciated. Some good ideas for future videos :) Don't forget to check out the part 2 of this as well : th-cam.com/video/_DKEXFZJU-M/w-d-xo.html

Thanks Tim. Using this method, the core separator between SaaS customers is the SaaSAccount type and each user must be assigned a SaaSAccount. For sign-up you would give them a basic sign-up form - first name, last name, email and, if it's a B2B type system, a business or company name. In the workflow to sign the user up, you would also create a SaaSAccount thing and assign that SaaSAccount to the user that you're signing up. This way, whenever the user logs in, the privacy rules automatically handles only serving up their data. For multi-user, I would set up a mechanism where the user that initially signs up & creates their SaaSAccount, can invite other people to join. That's a whole subject in it's own right and I have an approach that I use that I may well share in a future video. In the meantime this might be useful : th-cam.com/video/FXZzG6VRGEc/w-d-xo.html

Hey, thanks for the feedback and kind comments, much appreciated. I probably wouldn't use both methods together as you're just repeating what Bubble is doing behind the scenes and that can only have an effect on performance. If you're thinking that doing both would put a "double-lock" in place, not really as Bubble does the work and it works brilliantly well, it just requires a bit of forethought with structuring the data and how your rules work which is never a bad thing. Where I do use my own constraints on searches rather than Bubble's privacy rules is where I need more control, once they're in privacy rules you've kinda lost any flexibility, which in a security situation is good, but sometimes you just need to be able to get at some data without something else getting in your way. A good example for this would be building your own SaaS Customer portal or dashboard where you need access to data regardless of a user's constraints. Although it is a last resort and I'll always try to structure the data to work with privacy rules rather than go against them if it's at all possible. If you can get Bubble to automate it then it's the better option. Hope that helps.

@@nocodecoder4160 thanks for the reply and I will take the advice on board for what I am developing now.
I love the bubble community it's refreshing in the help offered by so many.
You explain things well, keep up the good work when you have time 👌

Many thanks for your feedback. Yes, that's precisely what I do in my business apps, enable multiple companies within a single SaaS account - I didn't want to muddy the waters in the video by going into that. It works largely the same, depending on what you want to enable the user to do. So in a basic example you would simply have a Company data type which has a SaaSAccount field to link to the main SaaS Account that it's assigned to. On each data type, rather than a SaaSAccount field you would have a Company field and you would setup your privacy rules around Company rather than SaaSAccount. It gets a little more involved as obviously a user's SaaSAccount never changes but the Company they want to use can of often will change. Also you won't be be able to set the current Company that they're using for the session on a Custom State as privacy rules don't allow you to reference custom states. The way I do that is just to have a field on the User data type for Current Company. When they open the app I ask them which company they want to use and write that back to the Current User's Current Company field and then in the privacy rules check for 's Company is Current User's Current Company. If you want the user to see the data from multiple companies at the same time such as for consolidation then that gets a bit more involved but is very doable with privacy rules provided the data structures are setup correctly. I hope that helps. If there's anything you'd like me to cover in another video please let me know.

@@nocodecoder4160 thanks! Would love to see this in a video at some point. Do you have or know of any resources that provide an example that I could follow?

Thanks. Not really doing Bubble stuff any more and certainly not using it for backend operations like database. Prefer Toddle or Weweb for front-end and now use Xano or Supabase for databases.

Thank you for your kind comments, am glad you found it useful. Yes you would need to add a field for SaaSAccount to every data type that you need to separate data between your end/SaaS customer accounts. You would then need to "Set another field" whenever you're creating a "thing" for each data type, and you'd use the Current User's SaaSAccount as the value. So in the Workflow where you're creating a new board for example, you would add it just as another field to the board. The user's SaaSAccount should be set when the user is first created and should never change so that the data being shown is always the current user's SaaSAccount and when you're creating new records you can be assured that the Current User's SaaSaccount is always the correct one. In terms of adding SaaSAccount as a new field to types with lots of existing data and you need to fill the existing data with the relevant SaaSAccount then you'd need to use API workflows for that which will require at least Bubble's Personal Plan. I hope that helps you.

@@nocodecoder4160 thanks so much - your suggestion has fixed it!

From my experience, no it doesn't make any difference. Bubble will check all the rules defined for a data type to determine what the user can access. It is important to know that Bubble applies a "least restrictive" policy which means if you have two rules, one giving the user more access to a record than another then that will trump the one giving it less access eg you have a field for Salary, the user matches one rule which denies the user access to the field but the user also matches another rule that does grant access to that field - Bubble will use the least restrictive rule and grant access for the user to see the Salary field, again though the order that these rules are defined doesn't have any consequence. I hope that helps.

@@nocodecoder4160 Great to know. Thank you for these videos. They are the absolute best on youtube right now

You have to create the new SaaSAccount before the action step to sign the user up. You then assign the result of the step that you created the SaaSAccount to the SaaSAccount field in the user sign up step. Hope that helps.