Best Practices for State-Specific Read-Only Access in Corteza Client Module

I’m building a module in Corteza for managing clients, and I want users from each of the 50 states in the United States to have read-only access to their own state’s client list. My initial solution is to create multiple page layouts for the same module, each with a pre-filter for the record list based on the state. For example, the layout for Tennessee would have a pre-filter set to ‘state = TN’, and similarly for other states. This would require creating 50 security roles, one for each state & page-layout, each page layout with permissions assigned to the corresponding security role. Does this approach sound feasible, or is there a more efficient way to achieve this in Corteza?

Hi @ahamdan

I don’t think there is a quicker route. Corteza permissions are quite granular, but they are limited when you want to introspect permissions (e.g., a user can only view a record if the user is a party to another record, in your case, a US State record list). We have an alternative pattern for a different use case, but it is more complex than you propose.

What you propose sounds reasonable, assuming you are assigning the “state role” to a state’s page layout. As always, with permissions, you need to test its effectiveness.

Regards,
Mark

2 Likes