Open sharat87 opened 3 years ago
@sharat87 @Nikhil-Nandagopal
@areyabhishek agreed with the solution but I'm wondering if this should be in our community edition because the use case seems geared towards medium-large teams. I'm for simple invites and easy access within small teams for our CE
The analogy here is that if you invited guests to a party but they could invite others to the party, the host wouldn't be able to control how many will be at the party.
This will be handled in the current RBAC implementation.
Bump as another user (Amherst) asked for this in today's call.
I wanted to leave my use case / story here having encountered this issue.
I recently decided to give Appsmith a try for creating a small internal tool which would only be used by a few users, very briefly, only a handful of times per month. Before committing to Appsmith for this project I had a conversation with the sales team on pricing for the business edition just a couple weeks ago because I noticed all of the default roles allowed ordinary users to invite others to use the app, from that meeting my expectation was that considering our expected usage, we could use the business edition for almost nothing. As I understand it, Appsmith's expressed purpose is for the development of internal tooling. Personally I can't think of any internal tool where it would be desirable to allow ordinary users to be able to invite others, but I'll take it on faith such a use case exists, however in our case this would be overtly dangerous.
Unfortunately just a few days ago the pricing model of the business edition has changed to include a minimum of 40$/mo. While I don't see that as being unreasonable generally, for our current use case, it's unfortunately not an option and has been rejected by the decision makers. So that puts me in an unfortunate position, having spent the last couple weeks learning Appsmith and creating this tool, to have the carpet pulled out from under us. So that leaves me with two choices, hack up my app the best I can to reduce the likelihood of it's misuse (remove the top bar that includes the share button, add a custom menu to every page instead since disabling the top bar where the sharing button is, also disables the menu). Or toss out what I've done and create something from scratch in Django or whatever.
I don't need or want the sharing function, at all. The pricing model change effectively pushes out small seldom used projects that also need at least a minimal level of security. In light of this I would request that either a new default role is added which is equivalent to "App Viewer" but with the sharing feature disabled. Or a global option that disables the sharing feature for everyone that isn't an administrator.
@Entelin thank you for sharing your anecdote with us. Would you be open to a quick call with me? I'd like to understand your pain a little better https://calendly.com/appsmith-nikhil/30min
Today, inviting someone to an organization as a Viewer, will give them permission to invite more viewers. There's no granular control over these two permissions.
Being able to invite only as a viewer and not letting them invite more people is a powerful control and helps people invite others as viewers more freely.
Request from community, quoted verbatim below:
Front conversations