How to Manage Permissions to Avoid Impact on Performance

Overview

In Kintone, users can manage access permissions for Apps, Records, and Fields.
This article explains how access permissions can affect record processing performance and introduces best practices for working around the impact.

For more details on how to manage permissions, refer to the following article on the Kintone Help Site:
Managing Permissions (External link)

How Permission Evaluations Work

In Kintone Apps, a process called Preliminary Evaluation of Permissions is used to minimize performance issues resulting from setting permissions. This process evaluates permissions when records are saved, instead of evaluating them when record data are retrieved. When records are saved, permission evaluations are executed a number of times equal to Number of Records x Number of Permission Settings x Number of Users/Departments/Groups with Permissions. The evaluation data result is then stored in the database.

When record data are retrieved, the permission evaluation process is skipped, and the system only needs to check the evaluation data result stored in the database. This results in a much quicker response for data retrieval.

Example Cases of Permissions Affecting Performance

Due to how the Preliminary Evaluation of Permissions is calculated, when there are too many records and access permissions in the App, the evaluation data result will become large. The larger the stored evaluation data, the longer it will take for record list pages to load the data.

Furthermore, the following conditions can cause a more significant impact on performance:

  • A large number of concentrated requests for record retrieval and record update processes
  • Bulk record retrieval or bulk record update requests using CSV files or the Kintone REST API

The following cases introduce scenarios where permissions impact performance.

Case 1: Increased Number of Permissions and Records

App in use

Customer Support App

Operation Status
  • The company has 40 operators, each operator managing 20-30 inquiries per day.
  • Many access permissions are set to fields and records, to protect privacy.
  • After 5 years, the number of records reached close to 1 million records.

Encountered Problem

Initially, there was no problem with the App. But gradually, the Record List page started to take longer and longer to process.

Explanation

In this case, after the same App had been in use for many years, the number of records increased to nearly 1 million records.

When an App is first put into use, having many permissions does not cause any obvious issues for the users. The issue only becomes apparent after the App has been in use for a while and many records have been added.

Case 2: Increased Permission Complexity

App in use

Sales CRM App

Operation Status
  • Department X uses a Sales CRM App to manage sales. After a few years, the number of records grew to a few hundred thousand.
  • Department Y wants to manage sales in the same App.
  • After Department Y joined, many permissions for records and fields were set because managers and employees had different access permissions to sales orders they were not in charge of.

Encountered Problem

As a result, the Record List page displayed significantly more slowly than before Department Y joined.

Explanation

The permission settings became more complex as the number of users increased, causing the performance to slow down. Expanding an existing App to be used with other departments may cause problems for the existing users, and may require immediate action.

Case 3: Permissions x Bulk Requests x Concentrated Access

App in use

Sales CRM App

Operation Status
  • The company has 1,000 employees using 1 App.
  • Users check each record's progress daily at the start of the workday.
  • A plug-in using Kintone REST APIs is applied to the App. Due to this, the App needs a few seconds to display the Record List page.
  • Due to changes in company policy for managing Sales data, the number of settings for record permissions and field permissions has recently increased.

Encountered Problem

The time required to run Kintone REST APIs on the Record List page increased by a few seconds. Additionally, at the start of the workday, many Kintone REST API processes piled up due to this App's usage. This caused the environment to exceed the maximum number of simultaneous connections, resulting in errors.

Explanation

Even if the permissions are not complex, bulk requests using the Kintone REST API and concentrated access can significantly impact the performance.

Best Practices for Managing Permissions

As previously mentioned, the preliminary evaluation of permissions is executed a number of times equal to Number of Records x Number of Permission Settings x Number of Users/Departments/Groups with Permissions, and the results are saved in the database.
Therefore, reducing the following variables can reduce the time of the evaluation:

  • Number of Records
  • Number of Permission Settings
  • Number of Users/Departments/Groups with Permissions

When There Are Too Many Permission Settings

When there are many permissions for records and fields, consider whether they can be substituted with permissions for Spaces and Apps. Also consider deleting unnecessary permissions.

Below are some examples and best practices for setting permissions.

Example 1: Using a company-wide App with view permissions

Situation

The company uses a company-wide Announcement App, and view permissions are set according to departments and job titles.

Solution

Create Apps for each scope of use, such as the Company-wide Announcement App and Department Announcement App. Control the App's visibility using App permissions.

Example 2: A specific field can only be edited by a specific job title

Situation

In a Daily Report App, permissions have been set to allow only the manager to edit the "Manager comment" field.

Solution
  • Use Labels or Field groups to make clear which are the input fields.
  • Use plug-ins, integrations, or customizations so that the "Manager comment" field appears only when the Manager logs in.

Example 3: Different departments can only view fields related to them

Situation
  • The Sales and Finance departments use an Order Management App.
  • Permissions are set for each field to display only required fields for each department.

Solution
  • Use Labels or Field groups to make clear which fields each department fills in.
  • Use plug-ins, integrations, or customizations to separate which fields to display for each department.
  • Separate Apps for the Sales and Finance department. Relate the two Apps using the App Actions feature and/or Related records fields.

When There Are Too Many "Users/Departments/Groups with Permissions"

The number of "Users/Departments/Groups with Permissions" can significantly increase when the following occurs:

  • Setting many Users/Departments/Groups for the Record Permissions or Field Permissions.
  • Setting Record Permissions or Field Permissions using the "Add a field for selection" option.

Setting many Users/Departments/Groups for the Record Permissions or Field Permissions

Confirm that there are no unnecessary permissions for users, departments, or groups.

For example, when only department managers can view a specific field, consider adding a "Managers" group and setting that group in the permission setting.

  • Before: Each manager is set in the permission settings at a user level

  • After: The "Managers" group is set in the permission settings

Setting Record Permissions or Field Permissions using the "Add a field for selection" option

The "Add a field for selection" option enables permission to be set to a user or department selected for the field in each record, rather than to a specific user or department.

For more information, refer to the following article on the Kintone Help Site:
Tips: Specifying the "User selection" or "Department selection" field in the setting (External link)

This helpful feature allows only specified users to view a record. However, since the target is different for each record, the number of "Users/Departments/Groups with Permissions" involved in the Preliminary Evaluation of Permissions increases every time a new record is added.

As shown below, the permission setting itself is simple.

However, since users and departments can be added to each record, the number of "Users/Departments/Groups with Permissions" increases.
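
The two situations in this section can be checked against an exported record permission setting. The following audit is an added example, not Kintone code: it applies the article's formula and flags user-level entries and "Add a field for selection" targets. The JSON shape (rights, entities, and the entity types USER, GROUP, and FIELD_ENTITY) is assumed to match what the Kintone REST API returns for record permission settings; the sample data, the threshold, and the function name are hypothetical.

```javascript
// Added example, not Kintone code. SAMPLE_ACL is constructed; its shape is
// assumed to follow the "rights" array of a record permission settings export.
const SAMPLE_ACL = {
  rights: [
    { filterCond: 'Status in ("Open")', entities: [
      { entity: { type: 'USER', code: 'manager01' }, viewable: true },
      { entity: { type: 'USER', code: 'manager02' }, viewable: true },
      { entity: { type: 'USER', code: 'manager03' }, viewable: true },
    ] },
    { filterCond: '', entities: [
      { entity: { type: 'FIELD_ENTITY', code: 'Assignee' }, viewable: true },
      { entity: { type: 'GROUP', code: 'everyone' }, viewable: false },
    ] },
  ],
};

// Hypothetical threshold: user-level entries per setting worth consolidating.
const USER_ENTRY_THRESHOLD = 3;

function auditRecordAcl(acl, recordCount) {
  const before = new Set(); // distinct fixed entities as configured
  const after = new Set();  // same, with user-level entries folded into a group
  const findings = [];
  acl.rights.forEach((right, i) => {
    const users = right.entities.filter((e) => e.entity.type === 'USER');
    const collapse = users.length >= USER_ENTRY_THRESHOLD;
    for (const { entity } of right.entities) {
      if (entity.type === 'FIELD_ENTITY') {
        // "Add a field for selection": targets differ per record, so they
        // are flagged rather than counted as a fixed entity.
        findings.push({ setting: i, issue: 'FIELD_ENTITY', code: entity.code });
        continue;
      }
      const key = `${entity.type}:${entity.code}`;
      before.add(key);
      after.add(collapse && entity.type === 'USER' ? `GROUP:setting-${i}-group` : key);
    }
    if (collapse) findings.push({ setting: i, issue: 'USER_LEVEL_ENTRIES', count: users.length });
  });
  // Article formula: records x permission settings x users/departments/groups.
  const settings = acl.rights.length;
  return {
    evaluations: recordCount * settings * before.size,
    consolidated: recordCount * settings * after.size,
    findings,
  };
}

console.log(auditRecordAcl(SAMPLE_ACL, 1000000));
```

The `consolidated` figure shows the effect of replacing each flagged set of user-level entries with a single group, as in the "Managers" example above.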

Conclusion

In this article, we introduced the access permissions specific to Kintone, highlighting cases where caution is needed and how to optimize the settings. As the number of entities being evaluated for access permissions increases, it can potentially affect not only App modifications but also record operations such as viewing, creating, deleting, and batch processing. We hope this article serves as a helpful reference for designing access permission settings with performance in mind, enabling you to use Kintone more comfortably.