Profiles and Access Levels - Advanced Permissioning
Setting up access levels the way you want to.
Access levels
Not every user has to be the same. You may want to restrict what certain users can see or do in your Jestor. For example:
- Restrict access to financial data for most users
- Invite clients to your Jestor and limit their view to records that involve them directly
Because access levels can vary infinitely, Jestor provides the Profiles area to configure them exactly as needed.
Setting up a profile
- Go to the Developer Area
- Click Profiles → + Create new profile
- Name the profile and press Create
Default access level: A newly created profile grants the user visibility over everything, but restricts user management and the ability to create tables and dashboards.
Setting the rules
Below is a fully commented example of a profile configuration:
{
"manage_users": 0, // can't add new users or change access levels
"create_table": 0, // can't create new tables
"create_dashboard": 0, // can't create new dashboards
"channel_read_only": [123], // channels where the user can only read
"direct_message_users": [1, 11, 22], // users the user can send direct messages to
"direct_message_profiles": [10001, 11001], // profiles whose users the user can message
"tables_enabled": {
"tasks": { // can see the Tasks table
"data": [ // filtered with the conditions below
{
"field": "owner",
"reference": "id_user" // only shows records where the user is tagged as owner
},
{ // AND
"field": "status",
"operator": "!=",
"value": "Done" // only shows records with status different from "Done"
}
],
"fields_excluded": [
"request_date" // can't see the Request Date field
],
"fields_readonly": [
"client", // can see Client field, but not edit
"priority" // can see Priority field, but not edit
],
"manage_structure": 0, // can't create/edit/delete fields
"can_delete": 0, // can't delete records
"can_create": 1, // can create records
"can_edit": 0, // can't edit records
"create_comment": 0,
"edit_comment": 0,
"delete_comment": 0,
"read_comment": 0
},
"reminders": { // can see the Reminders table
"*": "*" // can see everything and do anything on this table
}
},
"tables_disabled": [], // no specific table disabled
"pages_enabled": {}, // no specific page enabled
"pages_disabled": [], // no specific page disabled
"dashboards_enabled": {
"*": "*" // can see every dashboard
},
"dashboards_disabled": [
"marketing_kpis" // except for Marketing KPIs
]
}Parameter reference
| Parameter | Description |
|---|---|
manage_users | Ability to add users and change access levels. 1 = true, 0 = false |
create_table | Ability to create new tables. 1 = true, 0 = false |
create_dashboard | Ability to create new dashboards. 1 = true, 0 = false |
tables_enabled | Tables the user has access to, with optional nested parameters (see below) |
tables_disabled | Tables the user cannot access |
pages_enabled | Pages the user has access to |
pages_disabled | Pages the user cannot access |
dashboards_enabled | Dashboards the user has access to |
dashboards_disabled | Dashboards the user cannot access |
Nested parameters inside tables_enabled
tables_enabled| Parameter | Description |
|---|---|
data | Filters defining what records the user can see. Valid operators: https://docs.jestor.com/reference#list-records |
fields_excluded | Fields the user cannot see |
fields_readonly | Fields the user can see but not edit |
manage_structure | Ability to create/edit/delete fields. 1 = true, 0 = false |
can_delete | Ability to delete records. 1 = true, 0 = false |
can_create | Ability to create records. 1 = true, 0 = false |
can_edit | Ability to edit records after creation. 1 = true, 0 = false (beta) |
default_tabs — initial menu arrangement
default_tabs — initial menu arrangementDefines the menu on the user's first login. Requires the following nested arguments:
sections— each section contains:id— identifier for the sectionlabel— how the section appears in the menuitems— list of tables/pages/dashboards in the section, each with:object— API name of the table/page/dashboardlabel— how it appears in the menutype— item type:object(table in list form),board(kanban),dashboard, orpage
Restrictions are stronger than permissions
A restriction always overrules a permission. Even if a user has access to everything, blocking a specific table means they cannot access it. Likewise, granting permission for a specific table has no effect if all tables are disabled.
Example 1: User can see everything except the Payables and Receivables tables.
{
"manage_users": 0,
"create_table": 0,
"create_dashboard": 0,
"tables_enabled": { "*": "*" },
"tables_disabled": ["payables", "receivables"],
"pages_enabled": { "*": "*" },
"pages_disabled": [],
"dashboards_enabled": { "*": "*" },
"dashboards_disabled": []
}Example 2: User cannot see any table — even though Tasks is listed in tables_enabled, the "*" in tables_disabled overrides it.
{
"manage_users": 0,
"create_table": 0,
"create_dashboard": 0,
"tables_enabled": { "tasks": "*" },
"tables_disabled": ["*"],
"pages_enabled": { "*": "*" },
"pages_disabled": [],
"dashboards_enabled": { "*": "*" },
"dashboards_disabled": []
}Updated 6 days ago