Skip to main content
Swifty
Back to Blog
access control permissions security configuration

Dynamic Access Rules

Swifty Team Aug 20, 2025 2 min read

Static roles answer a limited question: what can this type of user do? But real business access control often needs to answer a harder question: what can this user do to this specific record, in this specific state?

Dynamic access rules address that distinction.

Beyond Role-Based Access

Role-based access control is a good starting point. An admin can do more than a standard user. A manager has permissions a staff member doesn't.

But role-only access fails common business scenarios. A user who created a record should be able to edit it even if their role is read-only for that object type. An invoice in "draft" status should be editable; the same invoice in "approved" status should not. A record assigned to a specific team member should be modifiable only by that member, not by others with the same role.

These are record-level and state-based conditions that role permissions can't express cleanly.

How Dynamic Rules Work

Access rules in Swifty can now reference properties of the record being accessed, not just the identity of the user accessing it.

Rules can check:

  • Current status: Draft records allow editing; approved records are read-only
  • Record ownership: Only the assigned user can edit; others can view
  • Related fields: Access conditional on a related record's state
  • Combined conditions: Multiple conditions combined with AND/OR logic

Rules are defined as part of the object configuration. They apply consistently across the platform — the same rule that prevents editing an approved invoice in the detail view also prevents it via the API.

Configurable Without Code

Dynamic rules are defined through the platform's configuration system, not hardcoded logic. Changing a rule takes effect immediately, without deploying anything.

This means access policies can evolve as your process evolves — tightening permissions as workflows mature, adjusting who can approve what as teams change, without waiting for a development cycle.

Access control that matches how your business actually works, rather than the simplified version that a static role list can approximate.

Related posts

Composed Data Sources

Chain and relate data sources for rich dashboards — compose complex data views from simpler sources without writing code.

Computed Expressions

Transform data with template expressions and built-in functions — format, combine, and derive values from your data without code.

Cross-Source Data Joins

Combine data from multiple sources in one view — join records from your database with data from external services using a shared key.