Role-Based Access Control
How to set up roles in CollabPortals to give different users different permission levels in the same portal.
Overview
Role-based access control (RBAC) lets you define different permission sets for different types of portal users. Instead of one set of permissions for everyone, you create roles (like "Admin", "Editor", "Viewer") and assign each role its own table and field permissions.
How Roles Work
Each role has its own complete set of permissions:
- Table permissions (view, create, edit, delete per table)
- Field permissions (hidden, view-only, editable, required per field)
When a portal user logs in, CollabPortals checks their role and applies the matching permission set.
Setting Up Roles
- 1
Define roles in your portal settings
Go to your portal configuration and navigate to the roles section. Create the roles you need, for example "Admin", "Editor", and "Viewer".
- 2
Map roles to your user table
Roles are determined by a field in your Airtable user table. Add a single select or text field (e.g., "Role") to your user table, and map it in your portal settings.
- 3
Configure permissions per role
For each role, set table and field permissions independently. An "Admin" role might have full access, while a "Viewer" role only has view permissions.
- 4
Set a default role
Choose a default role for users who don't have a role value in the user table. This ensures every user has a defined permission set.
The role field in your user table should contain values that match the role names you define in CollabPortals. For example, if you create an "Editor" role, the user's role field should contain "Editor".
Default Role
The default role is applied to any portal user whose role field is empty or contains a value that doesn't match any defined role. This is a safety net, ensuring no user falls through without permissions.
Set the default role to the most restrictive permission set (e.g., "Viewer"). This way, if a user's role isn't set up correctly, they get minimal access rather than full access.
Example Configuration
Here's a common three-role setup:
Viewer
- Can view all tables
- Cannot create, edit, or delete
- All fields are view-only or hidden
Editor
- Can view and edit all tables
- Can create records
- Cannot delete records
- Key fields are editable, sensitive fields are view-only or hidden
Admin
- Full access to all tables (view, create, edit, delete)
- All fields visible and editable
- Can see internal fields that other roles can't
Use Cases
Client Portal with Different Client Tiers
- Standard clients can view their projects and create requests
- Premium clients can also edit project details and see additional fields
Team Collaboration
- Team members can view and edit tasks assigned to them
- Managers can create and delete tasks, and see reporting fields
- Stakeholders have view-only access to project summaries
Data Collection
- Submitters can create new records and view their own submissions
- Reviewers can edit records and update status fields
- Admins can delete records and see all fields
Without Roles
If you don't set up roles, all portal users share a single set of permissions. This is perfectly fine for simple portals where all users need the same access level.
You can always add roles later without disrupting existing portal users.
Next Steps
- Table Permissions - Configure per-role table access
- Field Permissions - Configure per-role field access
- Portal User Authentication - How users are identified