Permissions in Appsmith govern the level of access and actions users can perform on specific resources within the platform. To assign appropriate permissions to resources, so users can efficiently complete their tasks, it's crucial to understand the permissions, their interdependencies, and their cascading impact. This page provides an in-depth overview of permissions, their assignments, and interdependencies within the Appsmith access control system.
Create permission
The Create permission allows users to add new resources in Appsmith. This permission not only grants the ability to create but also includes additional permissions for managing and interacting with those resources. When assigned to a parent resource, the Create permission and its associated permissions are inherited by child resources, ensuring consistent access across the hierarchy.
- Application Resources
- Datasources & Environments
- Workflows
- Groups & Roles
- Others
| Resource | Create also grants below permissions | Permission Impact |
|---|
| Workspace | Edit, View, Delete, Execute | Allows creating new applications, pages, and queries. Additionally, users can edit, view, delete resources, and execute queries within the workspace. |
| Application | Edit, View, Delete, Execute | Permits creating new pages and queries within the application. It also includes permissions to edit, view, delete resources, and execute the application queries. |
| Page | Edit, View, Delete, Execute | Grants permission to create new queries within the page and manage them by editing, viewing, deleting, and executing the queries. |
| Resource | Create also grants below permissions | Permission Impact |
|---|
| Datasources | Edit, View, Delete, Execute | Enables creating new datasources and managing them by editing, viewing, deleting datasource configurations, and executing queries across all datasources within the workspace. |
| Datasource | Edit, View, Delete, Execute | Allows for the creation and management of the specified datasource, including permissions to edit, view, delete the given datasource configuration, and execute queries within it. |
| Environments | Edit, View, Delete, Execute | Grants the ability to create new environments and manage them by editing, viewing, deleting configuration across all environments (Production, Staging, and custom), and executing queries in all environments. |
| Environment | Edit, View, Delete, Execute | Permits creating and managing the specified environment, with additional permissions to edit, view, delete environment configuration, and execute queries within that environment (Production, Staging, or custom). |
| Resource | Create also grants below permissions | Permission Impact |
|---|
| Workspace | Edit, Delete | Allows the creation of new workflows within the workspace and includes permissions to edit and delete existing workflows. |
| Resource | Create also grants below permissions | Permission Impact |
|---|
| Groups | Edit, View, Delete, Invite User, Remove User | Permits creating new groups and managing them by editing, viewing, deleting group configurations, and inviting, or removing users from groups within the instance. |
| Roles | Edit, View, Delete, Associate Role | Allows the creation of custom roles and includes permissions to edit, view, delete custom roles, and associate both custom and default roles with users or groups. |
| Custom Roles | Edit, View, Delete, Associate Role | Enables creating and managing the specified custom role, with additional permissions to edit, view, delete the custom role, and assign the role to users or groups. |
| Resource | Create also grants below permissions | Permission Impact |
|---|
| Workspaces | NA | Allows adding new workspaces to the Appsmith instance. |
Edit permission
The Edit permission permits users to edit existing resources in Appsmith. When the Edit permission is assigned to a parent resource, it, along with the automatically assigned permissions, are inherited by the child resources.
- Application Resources
- Datasources & Environments
- Workflows
- Groups & Roles
| Resource | Edit also grants below permissions | Permission Impact |
|---|
| Workspace | View, Execute | Allows editing existing resources in the workspace. Additionally, grants permissions for viewing resources and running queries within the workspace. |
| Application | View, Execute | Allows editing existing resources within the application. Additionally, grants permissions for viewing application resources and running queries within the application. |
| Page | View, Execute | Allows editing existing resources within the page. Additionally, grants permissions for viewing and running queries within the page. |
| Resource | Edit also grants below permissions | Permission Impact |
|---|
| Datasources | View, Execute | Allows editing existing datasources in the workspace. Additionally, grants permissions for viewing datasource configuration and running queries in the given datasource. |
| Datasource | View, Execute | Allows editing the given datasource. Additionally, grants permissions for viewing datasource configuration and running queries in the given datasource. |
| Environments | View, Execute | Allows editing existing environments in the workspace. Additionally, grants permissions for viewing environment configurations and running queries in all environments within the workspace. |
| Environment | View, Execute | Allows editing given environment like Production, Staging, or custom added. Additionally, grants permissions for viewing configurations and running queries in the given environment within the workspace. |
| Resource | Edit also grants below permissions | Permission Impact |
|---|
| Workspace | NA | Allows editing existing workflows within the Appsmith workspace. |
| Resource | Edit also grants below permissions | Permission Impact |
|---|
| Groups | View, Invite User, Remove User | Allows editing existing groups in the instance. Additionally, grants permissions for viewing, inviting users to, and removing users from the instance. |
| Roles | View, Associate Role | Allows editing existing roles in the instance. Additionally, grants permissions for viewing role configurations and associating custom and default roles with users or groups. |
| Custom Roles | View, Associate Role | Allows editing given custom role. Additionally, grants permissions for viewing role configuration and assigning the given custom role to users or groups. |
Delete permission
The Delete permission permits users to delete existing resources in Appsmith. When the Delete permission is assigned to a parent resource, it, along with the automatically assigned permissions, are inherited by the child resources.
- Application Resources
- Datasources & Environments
- Workflows
- Groups & Roles
| Resource | Delete also grants below permissions | Permission Impact |
|---|
| Workspace | View, Execute | Allows deleting the resources in the workspace. Additionally, allows viewing resources and running queries within the workspace. |
| Application | View, Execute | Allows deleting the resources in the application. Additionally, allows viewing resources and running queries within the application. |
| Page | View, Execute | Allows deleting the resources in the page. Additionally, allows viewing and running queries within the page. |
| Resource | Delete also grants below permissions | Permission Impact |
|---|
| Datasources | View, Execute | Allows deleting all datasources within the workspace. Additionally, allows viewing datasource configurations and running queries in all datasources. |
| Datasource | View, Execute | Allows deleting the given datasource. Additionally, allows viewing given datasource configuration and running queries in the given datasource. |
| Environments | View, Execute | Allows deleting all environments within the workspace. Additionally, allows viewing environment configuration and running queries in all environments. |
| Environment | View, Execute | Allows deleting the given environment within the workspace. Additionally, allows viewing configuration and running queries in the given environment. |
| Resource | Delete also grants below permissions | Permission Impact |
|---|
| Workspace | NA | Allows deleting existing workflows within the Appsmith workspace. |
| Resource | Delete also grants below permissions | Permission Impact |
|---|
| Groups | View | Allows deleting groups within the instance. It also grants viewing groups and their configurations. |
| Roles | View, Associate Role | Allows deleting custom roles within the instance. Additionally, it grants viewing custom and default roles configurations, and assigning them to users or groups. |
| Custom Roles | View, Associate Role | Allows deleting the given custom role within the instance. Additionally, it grants viewing the given custom role configuration, and assigning it to users or groups. |
View permission
The View permission permits users to view existing resources in Appsmith. When the View permission is assigned to a parent resource, it, along with the automatically assigned permissions, are inherited by the child resources.
- Application Resources
- Datasources & Environments
- Groups & Roles
- Others
| Resource | View also grants below permissions | Permission Impact |
|---|
| Workspace | Execute | Allows viewing resources and running queries within the given workspace. |
| Application | Execute | Allows viewing resources and running queries within the given application. |
| Page | Execute | Allows viewing page and running queries within the given page. |
| Resource | View also grants below permissions | Permission Impact |
|---|
| Datasources | Execute | Allows viewing all datasources, and running queries in all datasources within the workspace. |
| Datasource | Execute | Allows viewing the given datasource configuration and running queries in the given datasource. |
| Environments | Execute | Allows viewing all the environments and running queries in all environments within the workspace. |
| Environment | Execute | Allows viewing the given environment configuration, and running queries in the given environment within the workspace. |
| Resource | View also grants below permissions | Permission Impact |
|---|
| Groups | NA | Allows viewing groups and their configurations within the instance. |
| Roles | Associate Role | Allows viewing roles configuration and assigning custom and default roles to users or groups within the instance. |
| Default Roles | Associate Role | Allows viewing all the default roles and assigning them to users or groups. |
| Custom Roles | Associate Role | Allows viewing the given custom role configuration and assigning it to users or groups. |
| Resource | View also grants below permissions | Permission Impact |
|---|
| Audit logs | NA | Allows viewing the Appsmith instance audit logs that help in monitoring the instance. |
Execute permission
The Execute permission permits users to execute actions such as running queries in Appsmith. When the Execute permission is assigned to a parent resource, it's also inherited by the child resources.
- Application Resources
- Datasources & Environments
| Resource | Execute also grants below permissions | Permission Impact |
|---|
| Query | NA | Allows running queries for the given page. |
| Resource | Execute also grants below permissions | Permission Impact |
|---|
| Datasources | NA | Allows running queries in all datasources within the workspace. |
| Datasource | NA | Allows running queries in the given datasource. |
| Environments | NA | Allows running queries in all environments within the workspace. |
| Environment | NA | Allows running queries in the given environment within the workspace. |
Make Public permission
The Make Public permission permits users to change the access level of applications, making them available to the public. When the Make Public permission is assigned to a workspace or an application, it, along with the automatically assigned permissions, are inherited by the child resources. Once granted, users can enable the Make application public option on the Invite Users modal to make an application publicly available. This option allows external users to access the app without the need to log in to Appsmith.
| Resource | Make Public also grants below permissions | Permission Impact |
|---|
| Workspace | View, Execute | Allows making all applications publicly accessible within the given workspace. |
| Application | View, Execute | Allows making the given application publicly accessible. |
Export permission
The Export permission permits users to export data and resources from Appsmith. When the Export permission is assigned to a workspace or an application, it, along with the automatically assigned permissions, are inherited by the child resources.
| Resource | Export also grants below permissions | Permission Impact |
|---|
| Workspace | View, Execute | Allows exporting all applications, their data and resources. It allows viewing the applications, and running queries required to view applications and exporting their data within the given workspace. |
| Application | View, Execute | Allows exporting application data and resources. It allows viewing the application, and running queries required to view the application and exporting data within the given application. |
Invite User permission
The Invite User permission permits users to invite other users to groups. Once granted, users can see the Add user button enabled on the groups configuration screen, and allows them to invite other users to the groups within the instance.
| Resource | Invite User also grants below permissions | Permission Impact |
|---|
| Groups | View | Allows inviting users to the groups within the instance. It also allows viewing the groups and group's configurations. |
Remove User permission
The Remove User permission permits users to remove other users from the groups wihtin the Appsmith instance.
| Resource | Remove User also grants below permissions | Permission Impact |
|---|
| Groups | View, Invite User | Allows removing users from groups within the instance that helps removing their access to the instance. It also allows viewing groups, their configurations, and inviting users to the groups. |
Associate Role permission
The Associate Role permission permits users to assign or change roles of other users within the instance in Appsmith.
| Resource | Associate Role also grants below permissions | Permission Impact |
|---|
| Roles | NA | Allows assigning default and custom roles to users within the instance. |
| Default Roles | NA | Allows assigning the given custom role to users within the instance. |
| Custom Roles | NA | Allows assigning the given custom role to users within the instance. |