Nov 16, 2023 / 🔒 Entity permissions (experimental)

:test_tube: Entity permissions

share-entity

After a short private beta with a bunch of brave and helpful customers, we are ready to open entity permissions to a public beta. This is just the first release of many, so don’t get your expectations too high just yet :sweat_smile:.

What’s new

In addition to sharing entire Spaces, you are now able to share individual Entities with people who lack any Space access. Moreover, there is an option to extend access down the hierarchy: for example, to share a Project with all its Tasks or a Feature with all its Stories and Bugs:

Check out the brand new Sharing & Permissions guide and Share Entity in particular for more details.

So far you can only share with existing workspace users (not Groups or external folks), so we expect to cover internal use cases first. A couple of examples:

  • HR & People Ops: share one-on-one meetings and performance reviews by providing each user extended access to their Employee.
  • Per Project/Product access: instead of creating a Space per Project with duplicate DBs, share individual Projects/Products instead.
  • Freelancers and contractors: share individual Tasks with regular collaborators who are not part of your team.

We have also seen a few digital agencies inviting clients into their workspace. It’s a prime example of entity permissions — but bare in mind that we don’t currently limit access to users, so clients will be able to know about each other.

What beta status means

Please don’t hesitate to use entity permissions on production data: it’s been well-tested and survived the private beta.

There are a few known issues we expect to improve till a proper release:

  • Search: a person is not able to find an Entity even if they have entity-only access to it.
  • History: what someone can see is sometimes inconsistent with entity permissions if they’ve changed.
  • Minor UI glitches here and there.

Also, we have put some limitations in place to make the infrastructure is robust enough:

  • 1,000 shares per workspace
  • 25 relations per DB for extending access

If you experience any issues outside of these, please let us know.

Pricing

While in beta, all the new functionality is available for everyone, regardless of the pricing plan.

As we figure things out, some functionality (notably, extending access) most likely will become exclusive to the Pro plan. If you are on a Standard plan, don’t worry: we won’t revoke existing access, you just won’t be able to extend access for more Entities and users.

What’s next

Based on the private beta and our research, here’s our menu for the next few months:

  • :soon: Custom access templates: specify what to extend access to and how many levels deep
  • Tweak the left menu to work for people without Space access
  • Share Entities with Groups
  • Share Entities with external people who aren’t supposed to be Fibery users
  • Share Documents

Also, there are a few things that call for Database access:

  • Configure access to Users
  • Automatically provide access to assignees and other linked Users
  • Allow Creators and not just Admins to create automations and receive notifications about broken things

We will gradually create community topics for each of these Features/Problems and prioritize them based on your feedback and usage. So far please post your use cases and anything that prevents you from getting the full value out of entity permissions here or in the main community topic.

Grid View improvements

  • Open an entity in the panel upon row focus, if the panel is already open
    When you open an entity in the Grid View, you can simply click on another row to jump to another entity. Keyboard navigation also works, allowing you to quickly explore entity details.

grid-view-open-entity-upon-row-focus

  • Hide Database icon when only a single DB is visualized on a Grid
  • Performance improvements, Grid View rendering is much faster now
  • Expand the pinned column border to the whole column
  • Increase header contrast
  • :lady_beetle: When you try to create a new item and you hit TAB, the item is not created but the name is cleared

Progressive rendering of AI Assistant replies

ai-progressive-rendering

Now Fibery AI Assistant and User Guide chatbot output results progressively, so you wait less and see what is going on faster.

:butterfly: Minor improvements

  • You can restore pretty much anything you’ve deleted without having to ask an Admin.
  • Activity Log (ex-Audit Log), Trash, and Hidden Spaces are now at the bottom of the left menu.
  • The errors that appear when rich text is offline or broken are now written for all kinds of humans, not just developers.

:shrimp: Fixed bugs

  • Threads became simple comments in converted entity
  • Settings should not be displayed in the left menu for Public spaces. Use defaults there
  • Entity link copied from search results has an incorrect name in it (elastic-highlight-results…)
  • Unexpected pop-up position on adding new fields for the case when OE has no right column
  • Formula pop-up should not be displayed over left menu
  • Error on opening recently created in Relation list entity
  • The position of ‘Add field’ pop-up should be adjusted
  • Broken layout in Timeline-> Add new date field
  • Bad ‘add field’ pop-ups height in related collections list and embed views
  • Unexpected place for appearing pop-up when user edits relation on OE
15 Likes

AMAZING. Very excited to try!

3 Likes

That is FANTASTIC! I have tried and tested it and it is so really working so well! :grinning::grinning::grinning::grinning::grinning:

I discovered something interesting…

I created a Space called “ReportPermissions” (it’s late here so too tired to think of a better name :innocent:), with a Database also “Reports”, with the fields Name, Date, Location, Attachment, etc. I shared this with no one! :eyes: But I shared 3 reports with my fictional client John. The other 20 reports I did not share with him.

A second space I called “Reports”. I shared this with all the clients! In it I created a map view that uses the Reports database mentioned above. I logged in with John’s account and I only saw 3 of the reports on the map!!

So you can also create views in this way that show ONLY the entities that this user has access to!

I was hoping for months this would be the case as it is very useful for me! :partying_face:

So thanks a lot!

Ps Anton I pressume you try to be sneaky and strike when Michael doesn’t expect it because he mentioned you could take revenge on him telling us your secrets! :shushing_face::sweat_smile:

3 Likes

Awesome release :heart_eyes:

:arrow_up: This is what we currently miss the most.

Our databases are quite large and especially for note + task database we want to set permissions based on assignee and linked users. Currently it’s a big PITA that a user can find entities via search and linked entities.

Also we’ve created so many different spaces for the CRM part because there is no such thing as database permissions.

But because of GDPR, we need to manage access very strictly per entity type (forms, addresses, orders, contact details, appointments etc.)

So we currently have 8 spaces that all contain parts of the CRM solution, so that we can manage per database which user groups get access.

Ideally we have 1 CRM space with all databases and then set permissions per database. That will make the workspace a lot lighter and access management more easy.

Awesome grid improvements! Really like this one :smiley:

We do often hide name column. Then it looks weird since there is a lot of empty space.

Are there plans to fix this?

image

Those are not minor at all! Although it may seem as a minor improvement; it’s actually a big one for most users IMO :smiley:

5 Likes

Well done ! so happy to use the new entity-level permissions.

Also happy to read you would implement Database level permissions where stands my main usecases.
Group Sharing is also more than expected.
Would be also great to share multiple entities using Table or Grid checkbox selection.

5 Likes

Yep!

Fun fact: we hadn’t thought of this 2-Space pattern until the very first private beta customer (:sparkling_heart: if you are reading this) conceived it right on the spot.

Before we invent something better for the left menu, one private Space with DBs and another shared one with Views is probably a way to go in many use cases.

Ps Anton I pressume you try to be sneaky and strike when Michael doesn’t expect it because he mentioned you could take revenge on him telling us your secrets! :shushing_face::sweat_smile:

I would appreciate it if you stop reminding him that the vendetta is coming :sweat_smile:

3 Likes

That is a fun fact indeed! Thanks for sharing :sweat_smile: Very happy that this workaround works!!

One question: is the limitation of 1000 shares per workspace meant as a temporary limit (during this development phase)? Not an issue right now but if may be useful in the future!

I would appreciate it if you stop reminding him that the vendetta is coming :sweat_smile:

:speak_no_evil:

Hopefully, while in beta :crossed_fingers:
Most likely, there will be some limit but we hope it’s gonna be the one that 95% of workspaces never reach

What a surprise! This makes me so happy. I asked for this a while ago but didn’t expect it to actually happen. Thank you!!

This will finally convince me to start using panels instead of the one-panel option.

2 Likes

Well, this space will be occupied with number and checkbox in the next release

2023-11-17 19.00.29

2 Likes

Awesome :star_struck:

Are there plans to create the same look & feel for grids with and without name column?

In the old table we had one look & feel; it didn’t matter if the first column was ‘Name’ or something else like ‘date’

image

In the new grid the lay-out differs.

image

We often hide ‘Name’ column since we can’t change the title and sometimes it’s not very clear what ‘name’ is.

Also in this example, the order date + contact + product is all you need to see. That’s why Name is hidden.

This is a more insane news drop than Sam Altman out as CEO!!!

You have ruined my weekend (in a good way). :slight_smile:

3 Likes

awesome release and i will play around with permission and 2-space setup with views. but i still hope that entity level permissions also allow for setting single entities to “private” while ALL OTHER entities show for a set user group/users.
like posted in another thread, we have a big CRM but i do not want some of the contacts to show up for everyone.

3 Likes

This Entity Permissions release did not handle the following issue yet, where publically shared entities cannot be read by external apps:

I’ve been waiting so long for this :heart_eyes: :heart_eyes: And wow, all the other improvements :flushed:
I’m all-in on Fibery :')

I’ve written down some thoughts. I have not checked if it’s already known or if others have mentioned it so take that into account :slight_smile:

Visualize permissions

It would be useful to see or simulate what a user can see, especially for Extend. I envision our team members accidentally sharing too much information. As an admin, it can be difficult to see/visualize what other users or user roles can see so I think this is beneficial in more cases than just permissions (I’ve seen other requests similar to this, can’t find them now).

Limit sharing Permissions

As an admin, it would be useful to set limitations to what specific Roles can do regarding permissions. E.g. an Editor or a User with a specific Role can share these types of entities.

“Reverse permissions”

It would be very valuable to have all users have general access to a Space or Entity database, but then limit specific tasks to be Private. E.g. a Tasks database which all users use and then you can have private Tasks, tasks visible to a certain number of people within a Team or with a specific Role.

3 Likes

Thanks!

As an admin, it would be useful to set limitations to what specific Roles can do regarding permissions. E.g. an Editor or a User with a specific Role can share these types of entities.

Could you please share a couple of examples of what specific limitations you’d like to set in your workspace? We have a few ideas in the backlog, but I’m not sure how they map to your use cases.

Sure, let me try to give more information!

We use Role and Team databases that have relations to the User entity. We use these to limit access to different spaces and have been doing so from the start. This works well in my opinion.

As a digital agency, we work with a lot of clients but due to previous limitations in Fibery regarding sharing/entity permissions, we don’t really have any clients in our workspace. So that is taken care of externally using other communications (Slack/email mostly).

With the new entity permissions comes the possibility to share workflow/workspace with clients (which is good!). But at the same time I can imagine our users/coworkers accidentally sharing too much information, perhaps mostly because of the Extend functionality. I know, it has been possible to share information using the Public url for a long time, but because of previously mentioned limitations, a user/coworker has been more restricted and more aware of what they are sharing.

In my mind, I imagine it would be nice to be able to restrict sharing of entities to certain roles.


An example:
We would like to have all Senior Project Managers (an entity within the Role database, used for permissions) och all Partners (an entity within the Team database, used for permissions) be able to share the Project entity, together with, Tasks, Meetings and everything that comes with the Extend functionality. p.s. would be nice to limit how much Extend is actually extended, e.g. some relations should not be shared. But no one else should be able to share this information. We have Junior roles and interns that need access to entities or spaces but should not be able to share information outside the organization.


Does this make sense? Sorry for the long winded description but this is mostly what I was thinking about regarding setting limits on permissions. This is mostly a nice to have right now but I think I’m mostly expressing my concerns when it comes to the Extend functionality which seems powerful (with great power comes great responsibility and all of that :))

Thanks for the detailed explanation, it makes total sense!

We have something cooking for you :smirk:

We haven’t truly supported inviting people from outside an organization, this is in our plans for 2024. Meanwhile, Owner is the only access level with external sharing capability, but currently, it only restricts sharing via public link, not inviting users (who are assumed to be internal ones).

2 Likes