If I have some tables that my “clients” should never see, what is the best way to set this up?
If I have no permissions, I guess they could theoretically access everything with the right URL. So do I add permission for my “client” role (this is the only role that is not internal), then just add some “Users can only access records if…” criteria that will never be met?
Thanks!
Are all of your internal users data admins?
If yes, then you just need to enable permissions for the table, and you wouldn’t even need to setup a rule - there would just be a warning that some roles don’t have access to that type.
If the team members are not data admins (“Can see all data”) then you would just setup a permission rule for them, but not the client.
Hey Darragh, thanks for the reply. Yes, I have x2 internal roles, both of which are data admin.
The issue is when I enable permissions for a table, there is already a default rule there for the external (Client) role type. And I can’t delete it as permissions need at least one role. And I cannot set-up rules for the internal roles as they have data admin permissions!
Hence arriving at the conclusion I might need to set-up a rule for Client role that is never met.
I hope that makes some sense 
Ah you’re right!
Another thing you can do is setup another role, like ‘Empty Role’ and assign that the permission rule, and leave your clients role without a rule
Great, thanks Darragh!
Some sort of switch for “only internal user access” would be great, but sounds like this doesn’t come up too much! Although might do if people use HubSpot data quite a lot, which is where I’m looking; keeping my main client facing app and internal sales data in one place, which has a lot of advantages around moving deals when users do certain things. Ultimately I’d like to seperate them out using your spaces function, but need to get onto Enterprise first!