Entity sharing on Free/Standard workability

Hi All,

I just added a second teammate (we are now three users including myself) and I currently have four databases.

I have a single ‘Tasks’ database—I do not want to create a separate Tasks database for each new User I ever onboard. Not every User needs to see every task.

I think we are nimble enough to qualify for the Free tier. All the restrictions seem OK, but I can’t seem to grow from 2 to 3 users due to the permission system.

I can see two ways to share only a subset of Task entities with each different user:
a) share each entity manually at the entity level or
b) toggle on the ‘Automatically share entity with User’ on a linked User relation field?

• If I were to use the a) manual entity-by-entity sharing, is there a view or other way I can at-a-glance see which entities are shared with which Users? That might be workable if so, but if not I think it will become unmanageable for more than a few entities.
• If I used the auto-share via a linked User relation field, “Owner” is the only permission type available on the free tier, which allows the User to share the entities publicly, so this won’t work. (“Editor” status would probably be workable for me if it were an option).

I thought I had a workaround, which was to place the Tasks database in a Space with no views. I shared this Space with both users— since there were no views, I thought they couldn’t see the data. I then made two additional spaces, one for each user. In each of these spaces, I configured a view with a global filter imposed to only show the relevant tasks. This seemed like a great solution until I realized that Users can create Private views and therefore see all of the entities in the database, so providing only filtered views is not sufficient to hide filtered entities. I don’t think disabling private views would be smart even if I could do that, but please let me know if I’m missing a standard practice here.

It feels like a big push to jump to the $20/seat Pro tier. However, I still feel I’m a pretty nimble and basic team at myself plus 2 users and only 4 databases. I was hoping to slowly build complexity and add a few more users in the coming month and then if things are still working well, I’d be looking at upgrading to Standard when that’s needed—I think this is also Fibery’s expected on-ramp as well?

I’d welcome any ideas for how any team would manage permissions on Free/Standard. I’m OK with all of the other restrictions I’m aware of, but this one seems more fundamental to working as a team and I don’t know how to overcome it without upgrading before I intended.

Thanks for any ideas!

Are you concerned that your colleagues will share sensitive information publicly? Deliberately or unwittingly?

Either way. Any employee could become disgruntled or just be sloppy. As the owner, I am responsible for risk management.

I think if an employee were disgruntled to the point of wishing to deliberately share company info in contravention of their job contract, then disabling public sharing is not likely to be a barrier - they can always copy and paste any data they have access to.

For every entity, you can click on the Share button to check who has what access, but at the moment it’s not possible to do the other way around (i.e. for every User, check what entities they have access to).

So apart from that, I think you’re correct in your analysis of the options - it boils down to a choice between the manual work of granting (and tracking) access manually and the cost of a licence that allows automatic access control.

And that’s a risk management calculation you need to make, taking into account the likelihood of accidental sharing (and the potential loss you could suffer).

I suppose you’re correct that someone could always copy and paste data, take a photo, whatever.

I’m left head-scratching a little. If Fibery wants to limit the capabilities of Free / Standard users to encourage account owners to upgrade, it might’ve offered only Editor access via User relation linking, since that would both limit Users’ powers while also being “safer”. Instead, they’ve limited this mechanism to the most powerful option, at some added risk. I suppose I don’t need to understand the reasons, but I wonder if they might reconsider some day.