Client-Side

App authorization is managed in the App Manager under Access > Authorize Roles and Users and applies to both back-end and front-end usage. You can dynamically grant or revoke permissions. However, any permissions that exceed the app’s configured limits will still be blocked by the server.

Client-Side Permission Control with Hooks #

Client-side functions let you grant or revoke permissions dynamically. However, if permissions are granted that go beyond the app’s configured settings, the server will block the corresponding actions.

Example: If delete actions are disabled in the app, calling app.setDelete(true) will show the delete option in the UI, but the server will still block deletion.

Available Client-Side Permission Functions #

app.getUsername()
app.userHasRole(role: string)
app.setGlobalSearch(boolean)
app.setColumnFilters(boolean)
app.setInsert(boolean)
app.setUpdate(boolean)
app.setDelete(boolean)
app.setInlineEditing({ [key: string]: boolean })
app.setBulkActions()

Example onAppOpen Hook #

if (!userHasRole('manager')) {
    app.setGlobalSearch(false)
    app.setColumnFilters(false)
    app.setInsert(false)
    app.setUpdate(false)
    app.setDelete(false)
    app.setInlineEditing({
        "email": false,
        "first_name": true,
        "last_name": true,
    })
    app.setBulkActions({
        "pdf": true,
        "xml": false,
        "delete": false,
    })
}

Notes #

The preferred hook for permission control is onAppOpen (available in Table Builder > Hooks).
Permission control functions are not available in the global hook.
Do not call any app.set* functions during rendering, as this can cause an infinite loop.

Still stuck? How can we help?

Updated on 2025-06-09

Submit a Comment Cancel reply