User authorization

Role-based access controls

Quickbase uses role-based access control (RBAC) to handle user authorization for applications. Every application has its own distinct and unique RBAC.

When you create an application, Quickbase auto-generates three default roles. You can then customize these roles and add additional roles.

Define what users see and do

Quickbase roles define what application users see and what they can do with that data.

For example, set up Role X to:

  • Modify Field A
  • View Field B
  • Not see Field C

In addition, application builders can set up custom filters that only apply to certain roles. This defines what records are visible to those roles. When you pair these two capabilities, application builders have cell-level control over what data is visible to a particular role or user.

How Quickbase is different — deeply embedded RBAC

From the API entry points to the in-memory database, RBAC is deeply embedded into Quickbase’s entire runtime engine. This means Quickbase checks permissions both when data is outbound and when data is calculated.

Consider a summary field. Products with outbound-only permissions checks can only restrict the summary field data if the field itself has been restricted. Quickbase, however, checks whether users have access to the summarized rows as we compute the aggregation. If they do not have access, they are excluded from the aggregation.

Every part of the platform runs these permissions checks, including:

  • Reports
  • Dashboards
  • Forms
  • APIs
  • Automated email notifications

The RBAC is a core component of a Quickbase application and, as such, is part of the application schema.