How to allow groups of users to securely collaborate on shared data

Setting up Collaboration on Shared data using Teams can be a challenge. Invitations can be tricky. Here is how I set it up.

Making a website is relatively easy.
Making a multi user SaaS app is harder, but doable.
Making a multi user SaaS app with TEAMS is harder still. It’s made me consider my life choices at times :) but it’s doable, and I’ll explain the parts of it below.

Let’s Talk CRUD

Crud is an acronym, meaning the ability to Create, Read, Update and Delete data. These 4 activities are commonly required in any SaaS app where you have some kind of work item you are operating on, such as a task in a task list. The trick is to be able to control ‘who can do what’ by means on an authorization system. This could mean for example that every logged in user can read items, but only admins can delete items. Restricting items to be accessed by their creator is fairly simple in Bubble by means of logic such as:

and combined with Privacy rules like:

But this kind of mapping of a single user to a single kind of object is not always what you need.. sometimes you need to expand your definition of ‘tenancy’..

Tenancy

So, what is this tenancy thingy?

It’s just a fancy way of saying we are storing multiple customers data in one place (the database), in such a way that we can securely make sure that each customer can only access a subset of the data. In most cases this means their own data, but technically it could be another customers data that they are also allowed to access.

Well, it’s much like a building. You don’t really want to build an entire building and have just one person storing their stuff there, as that would be expensive and inefficient. Ideally you’d build one building and have multiple apartments, each with their own number, and door key. You could even have one person who looks out for their neighbour, and has a key for that apartment in addition to their own. So, it’s just a matter of having a system in place to manage which stuff lives in which part of the building, and controlling how to find it [room numbers], and who can access it.

Tenancy identifiers

You can imagine that finding specific data can be a challenge, and so we need to make sure that every piece of data in a multi tenanted system has a unique identifier.

In the case of many bubble apps this is simple, as bubble automatically generates a Unique id for each person in the users table. You can reference users in searches and privacy rules via ‘Current User’.

Search constraint example:

So, controlling each users access to their own data is relatively straightforward. But how would we control access for a group of people who want to collaborate on some shared data, as a team.

We need to make sure that each Team has its own unique identifier, then use that id to control the CRUD access rules.

Team Identifiers

As part of the onboarding of new team administrators in my chore scheduler app RosterBuddy.app, a new team is created. Each team needs to be unique in my system, and I have made sure that I separated the team ‘name’ from the team ‘id’. In this way, there can be many teams with the same name, but this doesn’t cause problems with the tenancy rules. Also, a team admin could later rename their team, without issues as the teamid stays the same.