Retool is a good platform to speed up your internal development and shift from paper-operated business or even GSheets (yes, we know a lot about you!) to the all-digital interactive environment, where data flows freely and quickly. While you can visualize your data with ease and manage them effectively in Retool, a security question is also in focus. The platform provides pretty flexible ways to manage user permissions, assign user roles, and protect apps and resources from unauthorized use – not all the employees should be able to see all the data, correct?
In addition to that, a client of ours recently came with an urgent need to build an external dashboard. While operating on the same dataset, such an app has to solve two main problems before going live: how to distinguish an external user from an internal one, and how to protect the company's data so that nothing sensitive is exposed to the whole world. What ways to solve these tasks in Retool have we found?
External User Management
We’ll start with the first question. What’s the way to manage your external accounts? First of all, you need to upgrade to the Business plan. It might look costly, but it gives you a number of important features: you can create multiple environments, have global app color themes, remove all the default branding, use a custom domain, and automatically assign your external users to a special permission group at a lower seat price.
Let’s estimate costs of external users for you, depending on the number of people you are going to invite to your instance.
The Retool Business plan costs $65 per developer or administrator. A regular user from the internal team costs $18. For end-users that do not belong to your organization, Retool offers an ‘External Users Tier’. The first 249 external users will cost $10 each ($2490), and then users from 250 to 499 will cost $7 each ($2490 + $1743 = $4233). Starting from 500, you can get all the user seats for free: let’s say 1000 users will cost you $0 ($4233).
What’s good about this special pricing tier, except the… price itself? Well, you can specify which domains are internal and belong to your company, and all invited users whose emails are on other domains will be automatically added to the built-in External Users group. It means that you configure permissions for External Users and the company's internal domain, and then just send out invitations. Voila!
You can find a detailed guide following this link.
Data Management and Safety
While we have to set up automated user management, we still need to make sure that externals see only the data that they are allowed to see. How to achieve this? We need to store and manage additional information to map users to companies and their data. Imagine you have a table called ‘clients’ that holds all the data about your clients, and all other data tables refer to it using, say, the client_id foreign key. We also have users with emails outside our company. How to link these datasets? Let’s add an additional table called client_domains. It might have just three columns: a primary key (id), a foreign key (client_id), and a string field to store a domain name (domain).
The data inside this mapping table can be managed manually using a simple app, or you can grab it from your CRM systems, etc. automatically using workflows.
It’s better to have this mapping table next to your data, because you will then be able to use SQL joins to filter the data based on a user email. And this is a pretty safe approach: SQL is run on the backend side, and with the ‘Protect Queries from Variable Spoofing’ feature enabled by default, we are sure that the {{current_user.email}} reference in a query is replaced by the real email of the user who triggers it.
Read more about spoofing protection here.
Development Approaches
The most interesting and challenging part in the client’s request that gave a start to this article was that the client wanted to have the same dashboards for internal and external users to be developed in parallel.
The first (and very obvious) move for us was to fork the existing internal app in its actual stage, modify it to limit data fetching based on external user email-company relationship, and then develop two apps in parallel.
It might work, and sometimes it’s the right approach. However, the source (internal) app at that moment was only in early development, we were still figuring out how to design it better, and the timeframe was limited (less than a week, say), so we switched to another option: we added logic to distinguish external users and fetch only their data if an app is opened by an external user.
To achieve this, we needed to inject a check in all the SQL queries we work with. If a user belongs to the ‘External Users’ group, an additional WHERE condition was fired to get the client_id based on the user’s email domain – and then this client_id was used in all the JOINs to filter out the data.
This is a pretty simple but safe approach. However, it might be tricky, as you have to make sure that if a user is classified as external, but no client_id is returned based on their email, your data queries return nothing (and not all the unfiltered data).
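The client_domains mapping and the "return nothing" requirement described above, as an added example that is not the authors' code. It runs the SQL against an in-memory SQLite database; the campaigns table, the sample rows, and the :email and :is_external bind parameters (standing in for {{current_user.email}} and the 'External Users' group check) are assumptions made for illustration.

```python
import sqlite3

# Constructed schema and rows; the "campaigns" table and all values are illustrative.
SCHEMA = """
CREATE TABLE clients (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE client_domains (id INTEGER PRIMARY KEY,
    client_id INTEGER REFERENCES clients(id), domain TEXT);
CREATE TABLE campaigns (id INTEGER PRIMARY KEY,
    client_id INTEGER REFERENCES clients(id), title TEXT);
INSERT INTO clients VALUES (1, 'Acme'), (2, 'Globex');
INSERT INTO client_domains VALUES (1, 1, 'acme.example'), (2, 2, 'globex.example');
INSERT INTO campaigns VALUES (10, 1, 'Acme spring'), (11, 1, 'Acme autumn'),
    (12, 2, 'Globex launch');
"""

# Sub-select resolving the caller's client_id from the e-mail domain.
# :email stands in for {{current_user.email}}; it yields no row for an
# unmapped domain or for a value with nothing before the '@'.
CLIENT_OF_EMAIL = """(SELECT d.client_id FROM client_domains d
    WHERE instr(:email, '@') > 1
      AND lower(d.domain) = lower(substr(:email, instr(:email, '@') + 1)))"""

# Weak: the "optional filter" idiom. A NULL client_id switches the filter off,
# so an external user with an unmapped domain sees every row.
FAIL_OPEN = f"""SELECT c.id FROM campaigns c
    WHERE {CLIENT_OF_EMAIL} IS NULL OR c.client_id = {CLIENT_OF_EMAIL}
    ORDER BY c.id"""

# Hardened: only :is_external = 0 bypasses the filter; external users must
# match a mapped client_id, and IN over an empty set matches nothing.
FAIL_CLOSED = f"""SELECT c.id FROM campaigns c
    WHERE :is_external = 0 OR c.client_id IN {CLIENT_OF_EMAIL}
    ORDER BY c.id"""

def make_db():
    """Create the constructed in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def visible_ids(conn, query, email, is_external):
    """Run a query with bound parameters and return the visible campaign ids."""
    params = {"email": email, "is_external": int(is_external)}
    return [row[0] for row in conn.execute(query, params)]
```

Checking the unmapped-domain case for every data query before go-live is the quickest way to catch a filter that fails open.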
The last question here is how to modify the UI based on the user role. For better manageability, we divided all the UI parts into logical groups (sometimes it was just a control, sometimes a group of controls), gave them friendly names (‘campaigns_container’, ‘campaigns_total_votes’, ‘users_active’, ‘users_return’ as examples), and saved this data to a special one-row table with bool columns. This approach is very similar to the one we use in a flexible report config example.
If a user is external, an additional query is fired that grabs the current UI parts availability—and then this data is used in the ‘Hidden’ prop of components on the canvas. How to make the remaining components take all the width remaining? Use a brand new Retool component called ‘Stack’.
Here to help
We hope that this guide will make your life easier and give you some useful advice. If you have any questions, or maybe additions to the topic, feel free to reach me or any of the Akveo representatives. Let’s find the best approaches possible together.
---
Dmitry is the Head of Low-Code Department at Akveo. With a rich background in media and marketing, Dmitry brings an extraordinary look at the world of IT technologies. He is deeply passionate about finding the most effective and elegant solutions to complex client problems. In our blog articles, Dmitry will share his expertise in Retool and other low-code platforms to offer you valuable insights on Retool to enhance business process efficiency.
We have already discussed with him how to use Retool Workflows, how to improve application security, how to schedule changes, how to generate and send email reports, what Retool Database is, and how to work with Retool Dynamic Tables. More topics are coming. Stay tuned!