🆕 Database record-level access

📢 Info & Announcements
1


Maybe you want to control record access with a member field so your teammates can immediately see who has access. Or maybe you want to use Tape’s Automations to update access dynamically as records move through your process.

With the newly released member field in the new record experience and forms, we now have the foundation for a new way to control who can see and work with specific records in a database.

Welcome record-level access. You can now give people access based on a member field or the created by field.

You’ve built a database your whole team works in. But not every record should be open to everyone.

  • An IT ticket database where ticket creators can edit their own tickets, but not accidentally change tickets created by others.
  • A recruiting database with many candidates, where only the responsible hiring managers should see information about their own candidates.
  • A contractor task database where contractors should only be able to view and edit their own tasks.

Record-level access handles this.

You grant access through the created by field or a member field. A member field can hold one or more users on a record, and those users can automatically receive access based on your rule.

The rule updates automatically. If someone is added to the member field, they get the access you set for that record. If they’re removed from the field, they lose that access again.

Example: add a rule on the created by field with Full access . Now everyone gets full control of the records they create, while the rest of the team only has the database access you already gave them, for example Can view .


:books: How to get started

  1. Open a database.
  2. Click Share at the top of the database.
  3. Under Record-level access, select Add a new rule.
  4. Select a member field, or Created by.
  5. Choose an access level, for example Can edit.
  6. Select Create rule.
  7. Choose how people added to the field can access their records: Invite only or Anyone with shared content.

Add more rules for other member fields, each with its own access level. Permissions apply across every view of the database.


:busts_in_silhouette: What others see when you set up record-level access

How others can interact with a database’s content once you’ve assigned record-level access depends on whether they have access to the database or not.

If someone has access to the database

Let’s say that you have Full access to a task database. Your direct report Anna has Can comment access.

Then, you create a record-level access rule that gives people in the assignee member field Can edit access. You assign task 1 to Anna.

In addition to being able to view and comment on all records in the database, Anna can now also edit task 1 as a result of the record-level rule.

If someone doesn’t have access to the database

Let’s say that you have Full access to a task database. Nobody else has any level of access.

Then, you create a record-level access rule that gives people in the assignee member field Can edit access. You assign Task 1 to Anna.

There are two ways Anna will be able to view and work on task 1:

  1. With Invite only , Anna will get a notification in Tape telling her that she got assigned to task 1. She can then open the task from her inbox.
  2. With Anyone with shared content , Anna will also get a notification. In addition, she’ll be able to access and edit task 1 directly in the app table. Any other tasks you assign to Anna in that database will also be accessible to her in the app table.

Because Anna only has access to her tasks via record-level access rules, she won’t be able to create new records in the database. To allow new record creation, you’ll need to give Anna additional Can create only permission on the database.


:zap: Use automations for dynamic access

You can also let automations update member fields for you.

For example, a member field called creator can grant Can edit access, while a member field called reviewer can grant Can view access. When a record moves into review, an automation can add the right person to the reviewer field automatically.

This way, access follows the record’s process without manual sharing.


:bulb: Good to know

  • The broadest access wins. Record-level access can grant more access, never less. If someone already has Full access to the database, a rule with lower access won’t take that away. Before you rely on a rule to limit someone, make sure they don’t have broader access elsewhere in the Share menu.
  • Being added to a field notifies the person. You can change this in the member field’s settings with “Notify when added” and “Follow when added”.
  • It grants access, not creation. A rule lets people open and edit specific records. It doesn’t let them create new ones. To allow that, give them Can create only permission on the database.
  • Removing a rule. Open it from the Record-level access section in the Share menu and select Remove permission rule .
  • Allow all members in member fields lets you select members from the entire organization in a member field, making database record-level access even more valuable. More details âž”

Record-level access opens up a lot of new setups, from per-owner tickets to status-driven review flows. We’re excited to see what you build with it.

Read the full walkthrough in the Help Center âž”
Happy building.

4 Likes
2

This is so awesome. Going to use it right now on an outstanding task that was waiting for an API based sharing automation to be built.

1 Like