Back
Can't grant Permission.read() for another user - what's the solution?
I'm building a therapist-client app. When a client creates a document, how do I give their therapist read access?
The Problem
TypeScript
// Client creates a document
databases.createDocument(
permissions: [
Permission.read(Role.user(clientId)), // ✅ Works
Permission.read(Role.user(therapistId)), // ❌ Error: Can't grant permission for another user
]
)
I can only grant permissions I already have. The client can't grant permissions on behalf of the therapist.
My Situation
- 1000 clients
- Each client has 1 assigned therapist
- Clients create ~10 documents per day
- Therapists should ONLY see their assigned clients (not other therapists' clients)
What Should I Use?
Option 1: Cloud Function
- Run a function every time a client creates a document
- Function adds therapist permission using Server SDK
- Problem: 10,000 function calls per day = expensive
Option 2: Teams
- Create a team for each client-therapist pair
- Use
Role.team(teamId)for permissions - Problem: Is 1000 teams too many? Will it be slow?
Option 3: Server Function for Reads
- Clients create docs with only their own permissions
- Therapists call a function to fetch data
- Function validates and returns data using Server SDK
- Problem: Adds latency when therapist views data
Option 4: Anything else?
My Question
Which approach is best? Are 1000 teams okay, or should I use functions?
TL;DR
Developers building a therapist-client app are struggling to grant read permission for therapists when clients create documents. They have considered options like using cloud functions, creating teams for each client-therapist pair, or implementing server functions for reads. The best approach depends on factors like cost, performance, and data access requirements. They are seeking advice on the most suitable solution for their scenario with 1000 clients and therapists.