Which records each user can see
Use portal data permissions and per-user filters so each person only sees the rows that match their profile, fields, and relationships.
How this fits with permissions
Data Permissions in Portal Settings let you choose which tables portal users can use—and, for each table, whether they see every row or only rows that pass a per-user filter. That is how you keep tenants separate: different users only see their own data (or data linked to them).
For example, clients should only see their own projects, while your internal team can see all projects.
Common filter patterns
How rows are tied to the signed-in user
View own records
Users can only view records where a specific field matches their user ID.
View related records
Users can view records related to records they own.
Team access
Users can view records belonging to their team or organization.
Setting up per-user filters
- Open Portal Settings → Permissions in the portal builder.
- In Data Permissions, pick the table you want to configure.
- Add a per-user filter for that table (or choose all users when every portal user should see all rows in that table).
- Choose a filter type:
- Owner — rows where a field matches the current user.
- Related — rows linked through a relation to the user's own records.
- Custom — define a custom filter expression.
- Select the field (or path) the filter should use.
- Save so the permissions take effect.
Common Patterns
Client Portal
Clients see only their own company's records. Staff see everything.
How to set this up
- Link each portal user to a company or account record (relation field on your users table).
- In Portal Settings → Permissions, for every table clients should see (orders, invoices, tickets, etc.), set a data filter so rows match the current user—directly or through that company link (e.g. order → client → same company as the logged-in user).
- Keep reference tables (statuses, catalogs) on "all users" access if every client should see the same lookup values.
- Use Log in as on the Users tab or Preview as in the portal builder to confirm a client never sees another company's rows.
Sales Territory
Sales reps see only deals in their assigned region.
How to set this up
- Add a region or territory field on the portal user (or linked account) and the same idea on your deals / opportunities table.
- Under Portal Settings → Permissions, filter the deals table so each user only sees rows whose region matches their profile (or matches through a relation you define).
- If territories live in another system, keep them in sync with Data Sync so filters stay accurate.
Manager Hierarchy
Managers see their direct reports' records, employees see only their own.
How to set this up
- Add a manager (or reports-to) relation on your users / staff table so reporting lines are explicit in the data.
- For employees, filter sensitive tables so rows belong to the current user (owner / assignee field equals portal user).
- For managers, use a related-style path in portal data access so they see rows tied to their direct reports—or describe the rule to the AI agent and let it configure the filters.
- Use Preview as with a manager account and an employee account to verify managers get broader access without exposing other teams' data.
Project Access
Users see only projects they're assigned to as team members.
How to set this up
- On Projects, add a relation or multi-value field for team members / assignees that points at portal users (or staff).
- In Portal Settings → Permissions, set the projects table filter so each user only sees projects where they are on the team (or listed as owner).
- For child tables (tasks, files, time entries), filter through the link to project so access follows the same rule.
- See Permission Overview for how per-table rules stack with the users table.