Granular Role-Based Permissions
Overview
AnyDB uses a role-based access control (RBAC) model to help you define fine-grained permissions across your workspace. Each role controls who can view, create, update, or delete resources like databases, documents, users, groups, and more.
How It Works
Each role defines access types and permission levels for different resource scopes:
- Access Types: Self, Admin, Attached, Users, Share
- Permission Levels: Read, Update, Create, Delete
Permissions can be applied independently to:
- Databases
- Teams
- Documents
- Groups
- Users
Roles can be assigned to users or groups to enforce consistent access rules across the workspace.
Access Types
| Access Type | Description |
|---|---|
| Self | Data or records created or owned by the user |
| Admin | The user is an admin for this scope |
| Attached | Items that are attached to or linked from a record |
| Users | General team users not explicitly scoped otherwise |
| Share | Public or guest access through shared links |
Permission Levels
| Permission | Description |
|---|---|
| Read | View access only |
| Update | Edit or modify existing content |
| Create | Ability to add new items or resources |
| Delete | Ability to remove existing resources |
Each permission is marked with a ✅ (allowed) or ❌ (denied) per scope/type.
Example: Denied Access Role
The Denied Access role revokes all permissions across all scopes. This is used to explicitly block users or guests from viewing or interacting with any part of a workspace.
| Scope | All Access Types | Permissions |
|---|---|---|
| Database | ❌ Read, Update, Create, Delete | |
| Team | ❌ Read, Update, Create, Delete | |
| Document | ❌ Read, Update, Create, Delete | |
| Group | ❌ Read, Update, Create, Delete | |
| User | ❌ Read, Update, Create, Delete |
Tips for Admins
- Use custom roles to give contributors limited edit or view access
- Apply group-based permissions for scalable access control
- Use the Denied role in combination with group or share rules to restrict fallback access
- Review role settings regularly in the Roles panel under Team Settings
Best For
- Admins managing access across large or multi-team databases
- Workspaces with public forms or shared documents
- Roles like Viewer, Contributor, Editor, Manager