Different members of your team should see different information. For example, say you use Quickbase to run a car dealership. Salespeople need to see their leads. Your service people need to see customer repair appointments. Service workers have no interest in seeing sales leads, but it's no big deal if they do. However, neither group should ever be able to see your employee table's salary field. That info's for your accountant's eyes only. So how do you set up your Quickbase application to meet all these requirements?
Data access guidelines: choosing the right tool for the job
You can easily hide values from (or show specific values to) any user of your application. Quickbase offers you two features to control what users see: roles and reports. The one you use depends upon what you're trying to do.
To decide which tool's right for the job, answer this simple question:
Is your goal to secure data or to focus attention on a particular set of records?
Use roles to implement strict access permissions to your data. Role permission settings can hide sensitive information from people who must not see it. For example, if you open up the employee table's salary field to the entire company, a firestorm would result and you'd be in deep trouble. In this case, you should restrict access to this field using role permission settings. When you deny access with this tool, unauthorized users never get a glimpse of the restricted field. Also use role permissions to control what users can do. For example, you may want a user to be able to view a customer's address but not to modify it.
Show users the data that's important to them. Reports let you display only those records and fields you want, and leave out the rest. This feature is an extraordinarily flexible way to keep staff members on track. For example, a service rep only wants to see customer appointments for the day. You can create a report called My appointments today that automatically shows each rep their own appointments (How? Use matching criteria to specify that Quickbase show only those records where "the current user" is listed in the Assigned To field and where the appointment date is today). Embed this report on a custom "Service" Home page and it'll be the first thing each service rep sees when they open your app.
It's probably no big deal if your service rep wanders into another part of your application sees another rep's appointments or gets a glimpse of sales activities. So, there's no need to restrict access to these areas. But you probably want to keep this extraneous info out of the rep's way. Well-designed reports are the perfect solution. (Read about reports and learn how to create a report.)
Why you should follow these guidelines
DO NOT try to use reports to control access to sensitive fields or records. This would compromise the security of your data. For instance, even if you don't include the salary field in any reports you've saved, users can still create their own report that includes this field. However, if you use role permissions to deny access, users in these roles won't even know this field exists. If your application contains confidential information, put Quickbase's powerful access controls to use. (Read more.)
Likewise, if you implement role permission controls merely to deliver customized information, you'll make your application unnecessarily complex and difficult to manage. It's like using a sledgehammer to crack open a nut. Reports are much more versatile and effective filters than permission restrictions.