Providing 3rd parties access to only certain tables
![jackb](https://us.v-cdn.net/6037124/uploads/userpics/YBRHMJFHPWSW/nYNFTVGZ5UZZS.jpeg)
hi there,
We have a HIPAA compliant app where only some tables store sensitive information. We’d like to use something like Retool for internal tooling.
I’d like to permission only certain tables to a 3rd party to maintain HIPAA compliance. Is there a way to do that? To my understanding, Xano can generate read only or read/write tokens, but’s it’s all or nothing across your tables.
Perhaps @Michael Udinski you would know? Saw some of your videos on tokens. Thanks!
Best Answer
-
@jackb correct, for the metadata API access is only at the database level. And yes RBAC for your Xano team members is across a database per workspace.
Answers
-
Hey @jackb — just to clarify, when you say 3rd parties to access only certain tables. Do you mean a 3rd party API to only access data from certain tables?
-
@Michael Udinski yes, I'm referring to the Metadata API. Ideally, I'd like to create an access token that only provides third parties with access to certain tables. Even with RBAC, it seems to still be 'all or nothing' across the entire database.
Is this accurate? There is no way to provide access to only certain tables?
Categories
- All Categories
- 53 ? Announcements
- 47 ? Releases
- 37 ? Welcome
- 983 ? Help! I'm a Noob
- 125 ? No-Code Front-Ends
- 633 ? Working with APIs
- 439 ? Transforming data
- 126 ? Connect Xano to ...
- 50 ?? Find an Expert
- 348 ❓Other questions
- 35 ? Security
- 22 ✂️ Snippets
- 19 ? Showcase
- 7 ?️ Xano Chatter
- 62 ? Video Tutorials
- 171 ? Request a feature
- 229 ? Report a Bug
- 19 ? Templates & Extensions
- 7 ? Feedback