Protect users from deleting table and/or database

Hello, I am evaluating Baserow for use in manufacturing companies that I work with. I love the no-code simplicity, but I can’t get past the lack of data protection. If I created a Baserow to track for example the jobs in our manufacturing operation, it would be a simple table: |Job Number|Customer|Part Number|Quantity|Stage|Status|Created By|Updated By|

However, how do I protect from one of my users Deleting the table or the database? I created a “member” user and all they have to do is click the three dots and they can Delete the database or a Table. Am I missing something?

Hi @bbuss!

You are not missing anything indeed and we will work on various “access control” features shortly.

If you have any particular input on how access control should work or what exactly do you need (“this user can’t delete or modify any tables” etc.) then please do elaborate more on your use case as we are currently in the planning phase and looking for such input for the upcoming features.

It could also be a good input whether you plan on using a paid version of Baserow for this use case. If so, we could get you in contact with our CRO (Chief Revenue Officer) to talk more in depth about the possible solution.

1 Like

Hello @bbuss! We released the role-based access control feature, and it is now possible to grant roles to your workspace members individually. Roles in this initial release are workspace-wide, but in the coming weeks, we will also allow you to assign roles on specific tables and databases. These are the available roles: Admin, Builder, Editor, Commenter, and Viewer. Check the details here: 1.13 release of Baserow // Baserow.

1 Like

Is access control for enterprise only?

Do you have any plans to roll out a minimum feature set for open-source users?

AFAIK the ‘member’ user can delete the entire database at the moment? I could deal with them messing it up, so long as I could restore.

Hello @Sam_uk, RBAC is available to self-hosters on the Enterprise plan, and on for users who buy the Advanced plan.

Let me discuss this with the team :raised_hands:

Yes, that’s correct. A ‘member’ can delete a table or even an entire database, but it can be restored from the trash for 3 days if nobody performs ‘Empty this workspace’s trash’.

1 Like

Thanks. I feel like there are many use cases where people would put up with some inconvenience (re-do the table, restore from backup etc) but all users being able to do a complete hard delete would make it useful only for single-user instances IMHO.

Does Airtable allow any user to delete the database on their free version?

I don’t think Airtable works the same way, but I’m going to double check it.

Hello @Sam_uk, here is a quick update on this request: we are not going to offer RBAC in the free version for now, but we plan to have a deeper discussion/exploration of this topic (especially about deletion rights management). It might take some time until we make any decisions, but I promise to keep you posted on this :raised_hands:

OK, thanks for the update. How about the premium plan? I could probably afford that?

It’s disappointing as I was starting to enjoy Baserow. I guess I’ll try NocoDB instead.

We understand all the drawbacks of allowing every collaborator to delete anything in your entire workspace. And currently, we are considering the option to add a “role for preventing builders from deleting databases and tables” to the Free or Premium plans. We will have one more internal discussion to make a final decision. Thanks for rising this very important topic.

1 Like

Thanks, do you have a sense of when that decision will be made? in light of this, I’ve paused all my Baserow dev work and I have developers evaluating other solutions.

I’ll try to get back to you with a response next week. Hope for your understanding :raised_hands:

1 Like

Hello @Sam_uk. Unfortunately, we can’t answer this question. The problem is that it’s part of a much bigger discussion about the Baserow business model. What we can say for now, is that we’re not going to implement this in the short term, but we’re considering making it possible for free in the future. As soon as we have more updates on this topic, we’ll share them here in the forum.

1 Like

OK thanks for letting me know Automattic seem to do OK with FOSS.

I guess I’ll move to NocoDB in the short term, I’ll keep following Baserow and I hope you find a model that works.

Did you ever re-evaluate the anyone can delete everything security model?

Hey @Sam_uk, no updates on this yet, but I will bring up this question again in the next planning meeting. :raised_hands:

1 Like

Hello @Sam_uk, we have finally decided on this request. We will add a “role for preventing users from deleting databases and tables” to the Free plan.

Here’s the issue to track the progress: Prevent users from deleting table and/or database (#2243) · Issues · Baserow / baserow · GitLab.