Quickbase uses a RBAC (role based access control) mechanism to authorize users to an application. Every application has its own distinct and unique RBAC. By default, when creating an application Quickbase auto-generates 3 default roles for your application. These default roles can be customized easily. Quickbase roles can define restrictions on a whole host of actions. They also have fine-grained control over what components of an application can be viewed. For example, one can specify for Role X that Field A is modifiable, Field B viewable, and Field C cannot be seen. In addition, roles can provide custom filter clauses to define what rows are visible. This means that app builders have almost cell level control over what data is visible to a particular role/user.
Quickbase also differs from other solutions in that the RBAC is deeply embedded into the entire runtime engine, from the API entry points down to the in-memory database. This means that permissions are checked on the outbound data, and while calculating individual fields. To give an example, think of a summary field. With a solution that has an outbound only permissions check will only restrict the summary field data if that field itself has been restricted. However with Quickbase, as we compute the aggregation, we check whether the user has access to the summarized rows. If they do not have access, they are excluded from the aggregation.
The RBAC is a core component of a Quickbase application and, as such, is part of the application definition.