Merge branch 'develop' into BUDI-6785-update-to-node-18

2023-08-07 12:32:20 +01:00 · 2023-08-07 12:32:20 +01:00 · 516e2ff09a
parent bf274d8132 0247a6c4cc
commit 516e2ff09a
171 changed files with 3351 additions and 1579 deletions
--- a/.github/workflows/budibase_ci.yml
+++ b/.github/workflows/budibase_ci.yml
@ -25,13 +25,13 @@ jobs:
    steps:
      - name: Checkout repo and submodules
        uses: actions/checkout@v3
-        if: github.repository == github.event.pull_request.head.repo.full_name
+        if: github.repository == 'Budibase/budibase'
        with:
          submodules: true
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN || github.token }}
      - name: Checkout repo only
        uses: actions/checkout@v3
-        if: github.repository != github.event.pull_request.head.repo.full_name
+        if: github.repository != 'Budibase/budibase'

      - name: Use Node.js 18.x
        uses: actions/setup-node@v3
@ -46,13 +46,13 @@ jobs:
    steps:
      - name: Checkout repo and submodules
        uses: actions/checkout@v3
-        if: github.repository == github.event.pull_request.head.repo.full_name
+        if: github.repository == 'Budibase/budibase'
        with:
          submodules: true
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN || github.token }}
      - name: Checkout repo only
        uses: actions/checkout@v3
-        if: github.repository != github.event.pull_request.head.repo.full_name
+        if: github.repository != 'Budibase/budibase'

      - name: Use Node.js 18.x
        uses: actions/setup-node@v3
@ -70,13 +70,13 @@ jobs:
    steps:
      - name: Checkout repo and submodules
        uses: actions/checkout@v3
-        if: github.repository == github.event.pull_request.head.repo.full_name
+        if: github.repository == 'Budibase/budibase'
        with:
          submodules: true
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN || github.token }}
      - name: Checkout repo only
        uses: actions/checkout@v3
-        if: github.repository != github.event.pull_request.head.repo.full_name
+        if: github.repository != 'Budibase/budibase'

      - name: Use Node.js 18.x
        uses: actions/setup-node@v3
@ -96,13 +96,13 @@ jobs:
    steps:
      - name: Checkout repo and submodules
        uses: actions/checkout@v3
-        if: github.repository == github.event.pull_request.head.repo.full_name
+        if: github.repository == 'Budibase/budibase'
        with:
          submodules: true
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN || github.token }}
      - name: Checkout repo only
        uses: actions/checkout@v3
-        if: github.repository != github.event.pull_request.head.repo.full_name
+        if: github.repository != 'Budibase/budibase'

      - name: Use Node.js 18.x
        uses: actions/setup-node@v3
@ -120,7 +120,7 @@ jobs:

  test-pro:
    runs-on: ubuntu-latest
-    if: github.repository == github.event.pull_request.head.repo.full_name
+    if: github.repository == 'Budibase/budibase'
    steps:
      - name: Checkout repo and submodules
        uses: actions/checkout@v3
@ -141,13 +141,13 @@ jobs:
    steps:
      - name: Checkout repo and submodules
        uses: actions/checkout@v3
-        if: github.repository == github.event.pull_request.head.repo.full_name
+        if: github.repository == 'Budibase/budibase'
        with:
          submodules: true
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN || github.token }}
      - name: Checkout repo only
        uses: actions/checkout@v3
-        if: github.repository != github.event.pull_request.head.repo.full_name
+        if: github.repository != 'Budibase/budibase'

      - name: Use Node.js 18.x
        uses: actions/setup-node@v3
@ -155,7 +155,7 @@ jobs:
          node-version: 18.x
          cache: "yarn"
      - run: yarn --frozen-lockfile
-      - run: yarn build
+      - run: yarn build --projects=@budibase/server,@budibase/worker,@budibase/client
      - name: Run tests
        run: |
          cd qa-core
@ -167,7 +167,7 @@ jobs:

  check-pro-submodule:
    runs-on: ubuntu-latest
-    if: github.repository == github.event.pull_request.head.repo.full_name
+    if: github.repository == 'Budibase/budibase'
    steps:
      - name: Checkout repo and submodules
        uses: actions/checkout@v3
@ -191,6 +191,8 @@ jobs:
            base_commit=$(git rev-parse origin/develop)
          fi

+          echo "target_branch=$branch"
+          echo "target_branch=$branch" >> "$GITHUB_OUTPUT"
          echo "pro_commit=$pro_commit"
          echo "pro_commit=$pro_commit" >> "$GITHUB_OUTPUT"
          echo "base_commit=$base_commit"
@ -205,7 +207,7 @@ jobs:
            const baseCommit = '${{ steps.get_pro_commits.outputs.base_commit }}';

            if (submoduleCommit !== baseCommit) {
-              console.error('Submodule commit does not match the latest commit on the develop branch.');
+              console.error('Submodule commit does not match the latest commit on the "${{ steps.get_pro_commits.outputs.target_branch }}"" branch.');
              console.error('Refer to the pro repo to merge your changes: https://github.com/Budibase/budibase-pro/blob/develop/docs/getting_started.md')
              process.exit(1);
            } else {
--- a/.github/workflows/check_unreleased_changes.yml
+++ b/.github/workflows/check_unreleased_changes.yml
@ -0,0 +1,29 @@
+name: check_unreleased_changes
+
+on:
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  check_unreleased:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check for unreleased changes
+        env:
+          REPO: "Budibase/budibase"
+          TOKEN: ${{ secrets.GITHUB_TOKEN }} 
+        run: |
+          RELEASE_TIMESTAMP=$(curl -s -H "Authorization: token $TOKEN" \
+              "https://api.github.com/repos/$REPO/releases/latest" | \
+              jq -r .published_at)
+          COMMIT_TIMESTAMP=$(curl -s -H "Authorization: token $TOKEN" \
+              "https://api.github.com/repos/$REPO/commits/master" | \
+              jq -r .commit.committer.date)
+          RELEASE_SECONDS=$(date --date="$RELEASE_TIMESTAMP" "+%s")
+          COMMIT_SECONDS=$(date --date="$COMMIT_TIMESTAMP" "+%s")
+          if (( COMMIT_SECONDS > RELEASE_SECONDS )); then
+              echo "There are unreleased changes. Please release these changes before merging."
+              exit 1
+          fi
+          echo "No unreleased changes detected."
--- a/.gitignore
+++ b/.gitignore
@ -101,8 +101,6 @@ packages/builder/cypress.env.json
 packages/builder/cypress/reports
 stats.html

-# TypeScript cache
-*.tsbuildinfo

 # plugins
 budibase-component
--- a/charts/budibase/templates/app-service-deployment.yaml
+++ b/charts/budibase/templates/app-service-deployment.yaml
@ -201,25 +201,24 @@ spec:

        image: budibase/apps:{{ .Values.globals.appVersion | default .Chart.AppVersion }}
        imagePullPolicy: Always
+        {{- if .Values.services.apps.startupProbe }}
+        {{- with .Values.services.apps.startupProbe }}
+        startupProbe:
+            {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.services.apps.livenessProbe }}
+        {{- with .Values.services.apps.livenessProbe }}
        livenessProbe:
-          httpGet:
-            path: /health
-            port: {{ .Values.services.apps.port }}
-          initialDelaySeconds: 10
-          periodSeconds: 5
-          successThreshold: 1
-          failureThreshold: 3
-          timeoutSeconds: 3
+            {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.services.apps.readinessProbe }}
+        {{- with .Values.services.apps.readinessProbe }}
        readinessProbe:
-          httpGet:
-            path: /health
-            port: {{ .Values.services.apps.port }}
-          initialDelaySeconds: 5
-          periodSeconds: 5
-          successThreshold: 1
-          failureThreshold: 3
-          timeoutSeconds: 3
-
+            {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- end }}
        name: bbapps
        ports:
        - containerPort: {{ .Values.services.apps.port }}
--- a/charts/budibase/templates/proxy-service-deployment.yaml
+++ b/charts/budibase/templates/proxy-service-deployment.yaml
@ -40,24 +40,24 @@ spec:
      - image: budibase/proxy:{{ .Values.globals.appVersion | default .Chart.AppVersion }}
        imagePullPolicy: Always
        name: proxy-service
+        {{- if .Values.services.proxy.startupProbe }}
+        {{- with .Values.services.proxy.startupProbe }}
+        startupProbe:
+            {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.services.proxy.livenessProbe }}
+        {{- with .Values.services.proxy.livenessProbe }}
        livenessProbe:
-          httpGet:
-            path: /health
-            port: {{ .Values.services.proxy.port }}
-          initialDelaySeconds: 0
-          periodSeconds: 5
-          successThreshold: 1
-          failureThreshold: 2
-          timeoutSeconds: 3
+            {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.services.proxy.readinessProbe }}
+        {{- with .Values.services.proxy.readinessProbe }}
        readinessProbe:
-          httpGet:
-            path: /health
-            port: {{ .Values.services.proxy.port }}
-          initialDelaySeconds: 0
-          periodSeconds: 5
-          successThreshold: 1
-          failureThreshold: 2
-          timeoutSeconds: 3
+            {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- end }}
        ports:
        - containerPort: {{ .Values.services.proxy.port }}
        env:
--- a/charts/budibase/templates/worker-service-deployment.yaml
+++ b/charts/budibase/templates/worker-service-deployment.yaml
@ -190,24 +190,24 @@ spec:
        {{ end }}
        image: budibase/worker:{{ .Values.globals.appVersion | default .Chart.AppVersion }}
        imagePullPolicy: Always
+        {{- if .Values.services.worker.startupProbe }}
+        {{- with .Values.services.worker.startupProbe }}
+        startupProbe:
+            {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.services.worker.livenessProbe }}
+        {{- with .Values.services.worker.livenessProbe }}
        livenessProbe:
-          httpGet:
-            path: /health
-            port: {{ .Values.services.worker.port }}
-          initialDelaySeconds: 10
-          periodSeconds: 5
-          successThreshold: 1
-          failureThreshold: 3
-          timeoutSeconds: 3
+            {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.services.worker.readinessProbe }}
+        {{- with .Values.services.worker.readinessProbe }}
        readinessProbe:
-          httpGet:
-            path: /health
-            port: {{ .Values.services.worker.port }}
-          initialDelaySeconds: 5
-          periodSeconds: 5
-          successThreshold: 1
-          failureThreshold: 3
-          timeoutSeconds: 3
+            {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- end }}
        name: bbworker
        ports:
        - containerPort: {{ .Values.services.worker.port }}
--- a/charts/budibase/values.yaml
+++ b/charts/budibase/values.yaml
@ -119,15 +119,37 @@ services:
    port: 10000
    replicaCount: 1
    upstreams:
-      apps: 'http://app-service.{{ .Release.Namespace }}.svc.{{ .Values.services.dns }}:{{ .Values.services.apps.port }}'
-      worker: 'http://worker-service.{{ .Release.Namespace }}.svc.{{ .Values.services.dns }}:{{ .Values.services.worker.port }}'
-      minio: 'http://minio-service.{{ .Release.Namespace }}.svc.{{ .Values.services.dns }}:{{ .Values.services.objectStore.port }}'
-      couchdb: 'http://{{ .Release.Name }}-svc-couchdb:{{ .Values.services.couchdb.port }}'
+      apps: "http://app-service.{{ .Release.Namespace }}.svc.{{ .Values.services.dns }}:{{ .Values.services.apps.port }}"
+      worker: "http://worker-service.{{ .Release.Namespace }}.svc.{{ .Values.services.dns }}:{{ .Values.services.worker.port }}"
+      minio: "http://minio-service.{{ .Release.Namespace }}.svc.{{ .Values.services.dns }}:{{ .Values.services.objectStore.port }}"
+      couchdb: "http://{{ .Release.Name }}-svc-couchdb:{{ .Values.services.couchdb.port }}"
    resources: {}
-#    annotations:
-#      co.elastic.logs/module: nginx
-#      co.elastic.logs/fileset.stdout: access
-#      co.elastic.logs/fileset.stderr: error
+    startupProbe:
+      httpGet:
+        path: /health
+        port: 10000
+        scheme: HTTP
+      failureThreshold: 30
+      periodSeconds: 3
+    readinessProbe:
+      httpGet:
+        path: /health
+        port: 10000
+        scheme: HTTP
+      enabled: true
+      periodSeconds: 3
+      failureThreshold: 1
+    livenessProbe:
+      httpGet:
+        path: /health
+        port: 10000
+        scheme: HTTP
+      failureThreshold: 3
+      periodSeconds: 5
+  #    annotations:
+  #      co.elastic.logs/module: nginx
+  #      co.elastic.logs/fileset.stdout: access
+  #      co.elastic.logs/fileset.stderr: error

  apps:
    port: 4002
@ -135,23 +157,67 @@ services:
    logLevel: info
    httpLogging: 1
    resources: {}
-#    nodeDebug: "" # set the value of NODE_DEBUG
-#    annotations:
-#      co.elastic.logs/multiline.type: pattern
-#      co.elastic.logs/multiline.pattern: '^[[:space:]]'
-#      co.elastic.logs/multiline.negate: false
-#      co.elastic.logs/multiline.match: after
+    startupProbe:
+      httpGet:
+        path: /health
+        port: 4002
+        scheme: HTTP
+      failureThreshold: 30
+      periodSeconds: 3
+    readinessProbe:
+      httpGet:
+        path: /health
+        port: 4002
+        scheme: HTTP
+      enabled: true
+      periodSeconds: 3
+      failureThreshold: 1
+    livenessProbe:
+      httpGet:
+        path: /health
+        port: 4002
+        scheme: HTTP
+      failureThreshold: 3
+      periodSeconds: 5
+  #    nodeDebug: "" # set the value of NODE_DEBUG
+  #    annotations:
+  #      co.elastic.logs/multiline.type: pattern
+  #      co.elastic.logs/multiline.pattern: '^[[:space:]]'
+  #      co.elastic.logs/multiline.negate: false
+  #      co.elastic.logs/multiline.match: after
  worker:
    port: 4003
    replicaCount: 1
    logLevel: info
    httpLogging: 1
    resources: {}
-#    annotations:
-#      co.elastic.logs/multiline.type: pattern
-#      co.elastic.logs/multiline.pattern: '^[[:space:]]'
-#      co.elastic.logs/multiline.negate: false
-#      co.elastic.logs/multiline.match: after
+    startupProbe:
+      httpGet:
+        path: /health
+        port: 4003
+        scheme: HTTP
+      failureThreshold: 30
+      periodSeconds: 3
+    readinessProbe:
+      httpGet:
+        path: /health
+        port: 4003
+        scheme: HTTP
+      enabled: true
+      periodSeconds: 3
+      failureThreshold: 1
+    livenessProbe:
+      httpGet:
+        path: /health
+        port: 4003
+        scheme: HTTP
+      failureThreshold: 3
+      periodSeconds: 5
+  #    annotations:
+  #      co.elastic.logs/multiline.type: pattern
+  #      co.elastic.logs/multiline.pattern: '^[[:space:]]'
+  #      co.elastic.logs/multiline.negate: false
+  #      co.elastic.logs/multiline.match: after

  couchdb:
    enabled: true
--- a/lerna.json
+++ b/lerna.json
@ -1,5 +1,5 @@
 {
-  "version": "2.8.29-alpha.6",
+  "version": "2.8.32-alpha.3",
  "npmClient": "yarn",
  "packages": [
    "packages/*"
--- a/nx.json
+++ b/nx.json
@ -3,19 +3,10 @@
    "default": {
      "runner": "nx-cloud",
      "options": {
-        "cacheableOperations": ["build", "test"],
+        "cacheableOperations": ["build", "test", "check:types"],
        "accessToken": "MmM4OGYxNzItMDBlYy00ZmE3LTk4MTYtNmJhYWMyZjBjZTUyfHJlYWQ="
      }
    }
  },
-  "targetDefaults": {
-    "dev:builder": {
-      "dependsOn": [
-        {
-          "projects": ["@budibase/string-templates"],
-          "target": "build"
-        }
-      ]
-    }
-  }
+  "targetDefaults": {}
 }
--- a/package.json
+++ b/package.json
@ -36,7 +36,7 @@
    "bootstrap": "./scripts/link-dependencies.sh && echo '***BOOTSTRAP ONLY REQUIRED FOR USE WITH ACCOUNT PORTAL***'",
    "build": "yarn nx run-many -t=build",
    "build:dev": "lerna run --stream prebuild && yarn nx run-many --target=build --output-style=dynamic --watch --preserveWatchOutput",
-    "check:types": "lerna run check:types --skip-nx-cache",
+    "check:types": "lerna run check:types",
    "backend:bootstrap": "./scripts/scopeBackend.sh && yarn run bootstrap",
    "backend:build": "./scripts/scopeBackend.sh 'lerna run --stream build'",
    "build:sdk": "lerna run --stream build:sdk",
@ -51,9 +51,9 @@
    "kill-builder": "kill-port 3000",
    "kill-server": "kill-port 4001 4002",
    "kill-all": "yarn run kill-builder && yarn run kill-server",
-    "dev": "yarn run kill-all && lerna run --stream --parallel dev:builder",
-    "dev:noserver": "yarn run kill-builder && lerna run --stream dev:stack:up && lerna run --stream --parallel dev:builder --ignore @budibase/backend-core --ignore @budibase/server --ignore @budibase/worker",
-    "dev:server": "yarn run kill-server && lerna run --stream --parallel dev:builder --scope @budibase/worker --scope @budibase/server",
+    "dev": "yarn run kill-all && lerna run --stream dev:builder",
+    "dev:noserver": "yarn run kill-builder && lerna run --stream dev:stack:up && lerna run --stream dev:builder --ignore @budibase/backend-core --ignore @budibase/server --ignore @budibase/worker",
+    "dev:server": "yarn run kill-server && lerna run --stream dev:builder --scope @budibase/worker --scope @budibase/server",
    "dev:built": "yarn run kill-all && cd packages/server && yarn dev:stack:up && cd ../../ && lerna run --stream dev:built",
    "dev:docker": "yarn build:docker:pre && docker-compose -f hosting/docker-compose.build.yaml -f hosting/docker-compose.dev.yaml --env-file hosting/.env up --build --scale proxy-service=0",
    "test": "lerna run --stream test --stream",
--- a/packages/backend-core/jest.config.ts
+++ b/packages/backend-core/jest.config.ts
@ -9,6 +9,7 @@ const baseConfig: Config.InitialProjectOptions = {
  },
  moduleNameMapper: {
    "@budibase/types": "<rootDir>/../types/src",
+    "@budibase/shared-core": ["<rootDir>/../shared-core/src"],
  },
 }

--- a/packages/backend-core/package.json
+++ b/packages/backend-core/package.json
@ -16,12 +16,14 @@
    "prepack": "cp package.json dist",
    "build": "tsc -p tsconfig.build.json",
    "build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput",
+    "check:types": "tsc -p tsconfig.json --noEmit --paths null",
    "test": "bash scripts/test.sh",
    "test:watch": "jest --watchAll"
  },
  "dependencies": {
    "@budibase/nano": "10.1.2",
    "@budibase/pouchdb-replication-stream": "1.2.10",
+    "@budibase/shared-core": "0.0.0",
    "@budibase/types": "0.0.0",
    "@techpass/passport-openidconnect": "0.3.2",
    "aws-cloudfront-sign": "2.2.0",
@ -86,20 +88,5 @@
    "ts-node": "10.8.1",
    "tsconfig-paths": "4.0.0",
    "typescript": "4.7.3"
-  },
-  "nx": {
-    "targets": {
-      "build": {
-        "dependsOn": [
-          {
-            "projects": [
-              "@budibase/types"
-            ],
-            "target": "build"
-          }
-        ]
-      }
-    }
-  },
-  "gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc"
+  }
 }
--- a/packages/backend-core/src/cache/tests/writethrough.spec.ts
+++ b/packages/backend-core/src/cache/tests/writethrough.spec.ts
@ -36,7 +36,7 @@ describe("writethrough", () => {
          _id: docId,
          value: 1,
        })
-        const output = await db.get(response.id)
+        const output = await db.get<any>(response.id)
        current = output
        expect(output.value).toBe(1)
      })
@ -45,7 +45,7 @@ describe("writethrough", () => {
    it("second put shouldn't update DB", async () => {
      await config.doInTenant(async () => {
        const response = await writethrough.put({ ...current, value: 2 })
-        const output = await db.get(response.id)
+        const output = await db.get<any>(response.id)
        expect(current._rev).toBe(output._rev)
        expect(output.value).toBe(1)
      })
@ -55,7 +55,7 @@ describe("writethrough", () => {
      await config.doInTenant(async () => {
        tk.freeze(Date.now() + DELAY + 1)
        const response = await writethrough.put({ ...current, value: 3 })
-        const output = await db.get(response.id)
+        const output = await db.get<any>(response.id)
        expect(response.rev).not.toBe(current._rev)
        expect(output.value).toBe(3)

@ -79,7 +79,7 @@ describe("writethrough", () => {
          expect.arrayContaining([current._rev, current._rev, newRev])
        )

-        const output = await db.get(current._id)
+        const output = await db.get<any>(current._id)
        expect(output.value).toBe(4)
        expect(output._rev).toBe(newRev)

@ -107,7 +107,7 @@ describe("writethrough", () => {
        })
        expect(res.ok).toBe(true)

-        const output = await db.get(id)
+        const output = await db.get<any>(id)
        expect(output.value).toBe(3)
        expect(output._rev).toBe(res.rev)
      })
@ -130,8 +130,8 @@ describe("writethrough", () => {
        const resp2 = await writethrough2.put({ _id: "db1", value: "second" })
        expect(resp1.rev).toBeDefined()
        expect(resp2.rev).toBeDefined()
-        expect((await db.get("db1")).value).toBe("first")
-        expect((await db2.get("db1")).value).toBe("second")
+        expect((await db.get<any>("db1")).value).toBe("first")
+        expect((await db2.get<any>("db1")).value).toBe("second")
      })
    })
  })
--- a/packages/backend-core/src/constants/db.ts
+++ b/packages/backend-core/src/constants/db.ts
@ -1,5 +1,5 @@
-export const SEPARATOR = "_"
-export const UNICODE_MAX = "\ufff0"
+import { prefixed, DocumentType } from "@budibase/types"
+export { SEPARATOR, UNICODE_MAX, DocumentType } from "@budibase/types"

 /**
 * Can be used to create a few different forms of querying a view.
@ -14,8 +14,6 @@ export enum ViewName {
  USER_BY_APP = "by_app",
  USER_BY_EMAIL = "by_email2",
  BY_API_KEY = "by_api_key",
-  /** @deprecated - could be deleted */
-  USER_BY_BUILDERS = "by_builders",
  LINK = "by_link",
  ROUTING = "screen_routes",
  AUTOMATION_LOGS = "automation_logs",
@ -36,42 +34,6 @@ export enum InternalTable {
  USER_METADATA = "ta_users",
 }

-export enum DocumentType {
-  USER = "us",
-  GROUP = "gr",
-  WORKSPACE = "workspace",
-  CONFIG = "config",
-  TEMPLATE = "template",
-  APP = "app",
-  DEV = "dev",
-  APP_DEV = "app_dev",
-  APP_METADATA = "app_metadata",
-  ROLE = "role",
-  MIGRATIONS = "migrations",
-  DEV_INFO = "devinfo",
-  AUTOMATION_LOG = "log_au",
-  ACCOUNT_METADATA = "acc_metadata",
-  PLUGIN = "plg",
-  DATASOURCE = "datasource",
-  DATASOURCE_PLUS = "datasource_plus",
-  APP_BACKUP = "backup",
-  TABLE = "ta",
-  ROW = "ro",
-  AUTOMATION = "au",
-  LINK = "li",
-  WEBHOOK = "wh",
-  INSTANCE = "inst",
-  LAYOUT = "layout",
-  SCREEN = "screen",
-  QUERY = "query",
-  DEPLOYMENTS = "deployments",
-  METADATA = "metadata",
-  MEM_VIEW = "view",
-  USER_FLAG = "flag",
-  AUTOMATION_METADATA = "meta_au",
-  AUDIT_LOG = "al",
-}
-
 export const StaticDatabases = {
  GLOBAL: {
    name: "global-db",
@ -95,7 +57,7 @@ export const StaticDatabases = {
  },
 }

-export const APP_PREFIX = DocumentType.APP + SEPARATOR
-export const APP_DEV = DocumentType.APP_DEV + SEPARATOR
+export const APP_PREFIX = prefixed(DocumentType.APP)
+export const APP_DEV = prefixed(DocumentType.APP_DEV)
 export const APP_DEV_PREFIX = APP_DEV
 export const BUDIBASE_DATASOURCE_TYPE = "budibase"
--- a/packages/backend-core/src/db/views.ts
+++ b/packages/backend-core/src/db/views.ts
@ -105,16 +105,6 @@ export const createApiKeyView = async () => {
  await createView(db, viewJs, ViewName.BY_API_KEY)
 }

-export const createUserBuildersView = async () => {
-  const db = getGlobalDB()
-  const viewJs = `function(doc) {
-    if (doc.builder && doc.builder.global === true) {
-      emit(doc._id, doc._id)
-    }
-  }`
-  await createView(db, viewJs, ViewName.USER_BY_BUILDERS)
-}
-
 export interface QueryViewOptions {
  arrayResponse?: boolean
 }
@ -223,7 +213,6 @@ export const queryPlatformView = async <T>(
 const CreateFuncByName: any = {
  [ViewName.USER_BY_EMAIL]: createNewUserEmailView,
  [ViewName.BY_API_KEY]: createApiKeyView,
-  [ViewName.USER_BY_BUILDERS]: createUserBuildersView,
  [ViewName.USER_BY_APP]: createUserAppView,
 }

--- a/packages/backend-core/src/environment.ts
+++ b/packages/backend-core/src/environment.ts
@ -1,4 +1,5 @@
 import { existsSync, readFileSync } from "fs"
+import { ServiceType } from "@budibase/types"

 function isTest() {
  return isCypress() || isJest()
@ -83,10 +84,20 @@ function getPackageJsonFields(): {
  }
 }

+function isWorker() {
+  return environment.SERVICE_TYPE === ServiceType.WORKER
+}
+
+function isApps() {
+  return environment.SERVICE_TYPE === ServiceType.APPS
+}
+
 const environment = {
  isTest,
  isJest,
  isDev,
+  isWorker,
+  isApps,
  isProd: () => {
    return !isDev()
  },
@ -153,6 +164,7 @@ const environment = {
  SMTP_FROM_ADDRESS: process.env.SMTP_FROM_ADDRESS,
  DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING,
  BLACKLIST_IPS: process.env.BLACKLIST_IPS,
+  SERVICE_TYPE: "unknown",
  /**
   * Enable to allow an admin user to login using a password.
   * This can be useful to prevent lockout when configuring SSO.
--- a/packages/backend-core/src/events/identification.ts
+++ b/packages/backend-core/src/events/identification.ts
@ -21,6 +21,7 @@ import { processors } from "./processors"
 import { newid } from "../utils"
 import * as installation from "../installation"
 import * as configs from "../configs"
+import * as users from "../users"
 import { withCache, TTL, CacheKey } from "../cache/generic"

 /**
@ -164,8 +165,8 @@ const identifyUser = async (
  const id = user._id as string
  const tenantId = await getEventTenantId(user.tenantId)
  const type = IdentityType.USER
-  let builder = user.builder?.global || false
-  let admin = user.admin?.global || false
+  let builder = users.hasBuilderPermissions(user)
+  let admin = users.hasAdminPermissions(user)
  let providerType
  if (isSSOUser(user)) {
    providerType = user.providerType
--- a/packages/backend-core/src/middleware/adminOnly.ts
+++ b/packages/backend-core/src/middleware/adminOnly.ts
@ -1,10 +1,8 @@
-import { BBContext } from "@budibase/types"
+import { UserCtx } from "@budibase/types"
+import { isAdmin } from "../users"

-export default async (ctx: BBContext, next: any) => {
-  if (
-    !ctx.internal &&
-    (!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
-  ) {
+export default async (ctx: UserCtx, next: any) => {
+  if (!ctx.internal && !isAdmin(ctx.user)) {
    ctx.throw(403, "Admin user only endpoint.")
  }
  return next()
--- a/packages/backend-core/src/middleware/builderOnly.ts
+++ b/packages/backend-core/src/middleware/builderOnly.ts
@ -1,10 +1,19 @@
-import { BBContext } from "@budibase/types"
+import { UserCtx } from "@budibase/types"
+import { isBuilder, hasBuilderPermissions } from "../users"
+import { getAppId } from "../context"
+import env from "../environment"

-export default async (ctx: BBContext, next: any) => {
-  if (
-    !ctx.internal &&
-    (!ctx.user || !ctx.user.builder || !ctx.user.builder.global)
-  ) {
+export default async (ctx: UserCtx, next: any) => {
+  const appId = getAppId()
+  const builderFn = env.isWorker()
+    ? hasBuilderPermissions
+    : env.isApps()
+    ? isBuilder
+    : undefined
+  if (!builderFn) {
+    throw new Error("Service name unknown - middleware inactive.")
+  }
+  if (!ctx.internal && !builderFn(ctx.user, appId)) {
    ctx.throw(403, "Builder user only endpoint.")
  }
  return next()
--- a/packages/backend-core/src/middleware/builderOrAdmin.ts
+++ b/packages/backend-core/src/middleware/builderOrAdmin.ts
@ -1,12 +1,20 @@
-import { BBContext } from "@budibase/types"
+import { UserCtx } from "@budibase/types"
+import { isBuilder, isAdmin, hasBuilderPermissions } from "../users"
+import { getAppId } from "../context"
+import env from "../environment"

-export default async (ctx: BBContext, next: any) => {
-  if (
-    !ctx.internal &&
-    (!ctx.user || !ctx.user.builder || !ctx.user.builder.global) &&
-    (!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
-  ) {
-    ctx.throw(403, "Builder user only endpoint.")
+export default async (ctx: UserCtx, next: any) => {
+  const appId = getAppId()
+  const builderFn = env.isWorker()
+    ? hasBuilderPermissions
+    : env.isApps()
+    ? isBuilder
+    : undefined
+  if (!builderFn) {
+    throw new Error("Service name unknown - middleware inactive.")
+  }
+  if (!ctx.internal && !builderFn(ctx.user, appId) && !isAdmin(ctx.user)) {
+    ctx.throw(403, "Admin/Builder user only endpoint.")
  }
  return next()
 }
--- a/packages/backend-core/src/middleware/tests/builder.spec.ts
+++ b/packages/backend-core/src/middleware/tests/builder.spec.ts
@ -0,0 +1,180 @@
+import adminOnly from "../adminOnly"
+import builderOnly from "../builderOnly"
+import builderOrAdmin from "../builderOrAdmin"
+import { structures } from "../../../tests"
+import { ContextUser, ServiceType } from "@budibase/types"
+import { doInAppContext } from "../../context"
+import env from "../../environment"
+env._set("SERVICE_TYPE", ServiceType.APPS)
+
+const appId = "app_aaa"
+const basicUser = structures.users.user()
+const adminUser = structures.users.adminUser()
+const adminOnlyUser = structures.users.adminOnlyUser()
+const builderUser = structures.users.builderUser()
+const appBuilderUser = structures.users.appBuilderUser(appId)
+
+function buildUserCtx(user: ContextUser) {
+  return {
+    internal: false,
+    user,
+    throw: jest.fn(),
+  } as any
+}
+
+function passed(throwFn: jest.Func, nextFn: jest.Func) {
+  expect(throwFn).not.toBeCalled()
+  expect(nextFn).toBeCalled()
+}
+
+function threw(throwFn: jest.Func) {
+  // cant check next, the throw function doesn't actually throw - so it still continues
+  expect(throwFn).toBeCalled()
+}
+
+describe("adminOnly middleware", () => {
+  it("should allow admin user", () => {
+    const ctx = buildUserCtx(adminUser),
+      next = jest.fn()
+    adminOnly(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should not allow basic user", () => {
+    const ctx = buildUserCtx(basicUser),
+      next = jest.fn()
+    adminOnly(ctx, next)
+    threw(ctx.throw)
+  })
+
+  it("should not allow builder user", () => {
+    const ctx = buildUserCtx(builderUser),
+      next = jest.fn()
+    adminOnly(ctx, next)
+    threw(ctx.throw)
+  })
+})
+
+describe("builderOnly middleware", () => {
+  it("should allow builder user", () => {
+    const ctx = buildUserCtx(builderUser),
+      next = jest.fn()
+    builderOnly(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should allow app builder user", () => {
+    const ctx = buildUserCtx(appBuilderUser),
+      next = jest.fn()
+    doInAppContext(appId, () => {
+      builderOnly(ctx, next)
+    })
+    passed(ctx.throw, next)
+  })
+
+  it("should allow admin and builder user", () => {
+    const ctx = buildUserCtx(adminUser),
+      next = jest.fn()
+    builderOnly(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should not allow admin user", () => {
+    const ctx = buildUserCtx(adminOnlyUser),
+      next = jest.fn()
+    builderOnly(ctx, next)
+    threw(ctx.throw)
+  })
+
+  it("should not allow app builder user to different app", () => {
+    const ctx = buildUserCtx(appBuilderUser),
+      next = jest.fn()
+    doInAppContext("app_bbb", () => {
+      builderOnly(ctx, next)
+    })
+    threw(ctx.throw)
+  })
+
+  it("should not allow basic user", () => {
+    const ctx = buildUserCtx(basicUser),
+      next = jest.fn()
+    builderOnly(ctx, next)
+    threw(ctx.throw)
+  })
+})
+
+describe("builderOrAdmin middleware", () => {
+  it("should allow builder user", () => {
+    const ctx = buildUserCtx(builderUser),
+      next = jest.fn()
+    builderOrAdmin(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should allow builder and admin user", () => {
+    const ctx = buildUserCtx(adminUser),
+      next = jest.fn()
+    builderOrAdmin(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should allow admin user", () => {
+    const ctx = buildUserCtx(adminOnlyUser),
+      next = jest.fn()
+    builderOrAdmin(ctx, next)
+    passed(ctx.throw, next)
+  })
+
+  it("should allow app builder user", () => {
+    const ctx = buildUserCtx(appBuilderUser),
+      next = jest.fn()
+    doInAppContext(appId, () => {
+      builderOrAdmin(ctx, next)
+    })
+    passed(ctx.throw, next)
+  })
+
+  it("should not allow basic user", () => {
+    const ctx = buildUserCtx(basicUser),
+      next = jest.fn()
+    builderOrAdmin(ctx, next)
+    threw(ctx.throw)
+  })
+})
+
+describe("check service difference", () => {
+  it("should not allow without app ID in apps", () => {
+    env._set("SERVICE_TYPE", ServiceType.APPS)
+    const appId = "app_a"
+    const ctx = buildUserCtx({
+      ...basicUser,
+      builder: {
+        apps: [appId],
+      },
+    })
+    const next = jest.fn()
+    doInAppContext(appId, () => {
+      builderOnly(ctx, next)
+    })
+    passed(ctx.throw, next)
+    doInAppContext("app_b", () => {
+      builderOnly(ctx, next)
+    })
+    threw(ctx.throw)
+  })
+
+  it("should allow without app ID in worker", () => {
+    env._set("SERVICE_TYPE", ServiceType.WORKER)
+    const ctx = buildUserCtx({
+      ...basicUser,
+      builder: {
+        apps: ["app_a"],
+      },
+    })
+    const next = jest.fn()
+    doInAppContext("app_b", () => {
+      builderOnly(ctx, next)
+    })
+    passed(ctx.throw, next)
+  })
+})
--- a/packages/backend-core/src/security/permissions.ts
+++ b/packages/backend-core/src/security/permissions.ts
@ -1,3 +1,5 @@
+import { PermissionType, PermissionLevel } from "@budibase/types"
+export { PermissionType, PermissionLevel } from "@budibase/types"
 import flatten from "lodash/flatten"
 import cloneDeep from "lodash/fp/cloneDeep"

@ -5,25 +7,6 @@ export type RoleHierarchy = {
  permissionId: string
 }[]

-export enum PermissionLevel {
-  READ = "read",
-  WRITE = "write",
-  EXECUTE = "execute",
-  ADMIN = "admin",
-}
-
-// these are the global types, that govern the underlying default behaviour
-export enum PermissionType {
-  APP = "app",
-  TABLE = "table",
-  USER = "user",
-  AUTOMATION = "automation",
-  WEBHOOK = "webhook",
-  BUILDER = "builder",
-  VIEW = "view",
-  QUERY = "query",
-}
-
 export class Permission {
  type: PermissionType
  level: PermissionLevel
@ -173,3 +156,4 @@ export function isPermissionLevelHigherThanRead(level: PermissionLevel) {

 // utility as a lot of things need simply the builder permission
 export const BUILDER = PermissionType.BUILDER
+export const GLOBAL_BUILDER = PermissionType.GLOBAL_BUILDER
--- a/packages/backend-core/src/users/db.ts
+++ b/packages/backend-core/src/users/db.ts
@ -0,0 +1,460 @@
+import env from "../environment"
+import * as eventHelpers from "./events"
+import * as accounts from "../accounts"
+import * as cache from "../cache"
+import { getIdentity, getTenantId, getGlobalDB } from "../context"
+import * as dbUtils from "../db"
+import { EmailUnavailableError, HTTPError } from "../errors"
+import * as platform from "../platform"
+import * as sessions from "../security/sessions"
+import * as usersCore from "./users"
+import {
+  AllDocsResponse,
+  BulkUserCreated,
+  BulkUserDeleted,
+  RowResponse,
+  SaveUserOpts,
+  User,
+  Account,
+  isSSOUser,
+  isSSOAccount,
+  UserStatus,
+} from "@budibase/types"
+import * as accountSdk from "../accounts"
+import {
+  validateUniqueUser,
+  getAccountHolderFromUserIds,
+  isAdmin,
+} from "./utils"
+import { searchExistingEmails } from "./lookup"
+import { hash } from "../utils"
+
+type QuotaUpdateFn = (change: number, cb?: () => Promise<any>) => Promise<any>
+type GroupUpdateFn = (groupId: string, userIds: string[]) => Promise<any>
+type FeatureFn = () => Promise<Boolean>
+type QuotaFns = { addUsers: QuotaUpdateFn; removeUsers: QuotaUpdateFn }
+type GroupFns = { addUsers: GroupUpdateFn }
+type FeatureFns = { isSSOEnforced: FeatureFn; isAppBuildersEnabled: FeatureFn }
+
+const bulkDeleteProcessing = async (dbUser: User) => {
+  const userId = dbUser._id as string
+  await platform.users.removeUser(dbUser)
+  await eventHelpers.handleDeleteEvents(dbUser)
+  await cache.user.invalidateUser(userId)
+  await sessions.invalidateSessions(userId, { reason: "bulk-deletion" })
+}
+
+export class UserDB {
+  static quotas: QuotaFns
+  static groups: GroupFns
+  static features: FeatureFns
+
+  static init(quotaFns: QuotaFns, groupFns: GroupFns, featureFns: FeatureFns) {
+    UserDB.quotas = quotaFns
+    UserDB.groups = groupFns
+    UserDB.features = featureFns
+  }
+
+  static async isPreventPasswordActions(user: User, account?: Account) {
+    // when in maintenance mode we allow sso users with the admin role
+    // to perform any password action - this prevents lockout
+    if (env.ENABLE_SSO_MAINTENANCE_MODE && isAdmin(user)) {
+      return false
+    }
+
+    // SSO is enforced for all users
+    if (await UserDB.features.isSSOEnforced()) {
+      return true
+    }
+
+    // Check local sso
+    if (isSSOUser(user)) {
+      return true
+    }
+
+    // Check account sso
+    if (!account) {
+      account = await accountSdk.getAccountByTenantId(getTenantId())
+    }
+    return !!(account && account.email === user.email && isSSOAccount(account))
+  }
+
+  static async buildUser(
+    user: User,
+    opts: SaveUserOpts = {
+      hashPassword: true,
+      requirePassword: true,
+    },
+    tenantId: string,
+    dbUser?: any,
+    account?: Account
+  ): Promise<User> {
+    let { password, _id } = user
+
+    // don't require a password if the db user doesn't already have one
+    if (dbUser && !dbUser.password) {
+      opts.requirePassword = false
+    }
+
+    let hashedPassword
+    if (password) {
+      if (await UserDB.isPreventPasswordActions(user, account)) {
+        throw new HTTPError("Password change is disabled for this user", 400)
+      }
+      hashedPassword = opts.hashPassword ? await hash(password) : password
+    } else if (dbUser) {
+      hashedPassword = dbUser.password
+    }
+
+    // passwords are never required if sso is enforced
+    const requirePasswords =
+      opts.requirePassword && !(await UserDB.features.isSSOEnforced())
+    if (!hashedPassword && requirePasswords) {
+      throw "Password must be specified."
+    }
+
+    _id = _id || dbUtils.generateGlobalUserID()
+
+    const fullUser = {
+      createdAt: Date.now(),
+      ...dbUser,
+      ...user,
+      _id,
+      password: hashedPassword,
+      tenantId,
+    }
+    // make sure the roles object is always present
+    if (!fullUser.roles) {
+      fullUser.roles = {}
+    }
+    // add the active status to a user if its not provided
+    if (fullUser.status == null) {
+      fullUser.status = UserStatus.ACTIVE
+    }
+
+    return fullUser
+  }
+
+  static async allUsers() {
+    const db = getGlobalDB()
+    const response = await db.allDocs(
+      dbUtils.getGlobalUserParams(null, {
+        include_docs: true,
+      })
+    )
+    return response.rows.map((row: any) => row.doc)
+  }
+
+  static async countUsersByApp(appId: string) {
+    let response: any = await usersCore.searchGlobalUsersByApp(appId, {})
+    return {
+      userCount: response.length,
+    }
+  }
+
+  static async getUsersByAppAccess(appId?: string) {
+    const opts: any = {
+      include_docs: true,
+      limit: 50,
+    }
+    let response: User[] = await usersCore.searchGlobalUsersByAppAccess(
+      appId,
+      opts
+    )
+    return response
+  }
+
+  static async getUserByEmail(email: string) {
+    return usersCore.getGlobalUserByEmail(email)
+  }
+
+  /**
+   * Gets a user by ID from the global database, based on the current tenancy.
+   */
+  static async getUser(userId: string) {
+    const user = await usersCore.getById(userId)
+    if (user) {
+      delete user.password
+    }
+    return user
+  }
+
+  static async save(user: User, opts: SaveUserOpts = {}): Promise<User> {
+    // default booleans to true
+    if (opts.hashPassword == null) {
+      opts.hashPassword = true
+    }
+    if (opts.requirePassword == null) {
+      opts.requirePassword = true
+    }
+    const tenantId = getTenantId()
+    const db = getGlobalDB()
+
+    let { email, _id, userGroups = [], roles } = user
+
+    if (!email && !_id) {
+      throw new Error("_id or email is required")
+    }
+
+    if (
+      user.builder?.apps?.length &&
+      !(await UserDB.features.isAppBuildersEnabled())
+    ) {
+      throw new Error("Unable to update app builders, please check license")
+    }
+
+    let dbUser: User | undefined
+    if (_id) {
+      // try to get existing user from db
+      try {
+        dbUser = (await db.get(_id)) as User
+        if (email && dbUser.email !== email) {
+          throw "Email address cannot be changed"
+        }
+        email = dbUser.email
+      } catch (e: any) {
+        if (e.status === 404) {
+          // do nothing, save this new user with the id specified - required for SSO auth
+        } else {
+          throw e
+        }
+      }
+    }
+
+    if (!dbUser && email) {
+      // no id was specified - load from email instead
+      dbUser = await usersCore.getGlobalUserByEmail(email)
+      if (dbUser && dbUser._id !== _id) {
+        throw new EmailUnavailableError(email)
+      }
+    }
+
+    const change = dbUser ? 0 : 1 // no change if there is existing user
+    return UserDB.quotas.addUsers(change, async () => {
+      await validateUniqueUser(email, tenantId)
+
+      let builtUser = await UserDB.buildUser(user, opts, tenantId, dbUser)
+      // don't allow a user to update its own roles/perms
+      if (opts.currentUserId && opts.currentUserId === dbUser?._id) {
+        builtUser = usersCore.cleanseUserObject(builtUser, dbUser) as User
+      }
+
+      if (!dbUser && roles?.length) {
+        builtUser.roles = { ...roles }
+      }
+
+      // make sure we set the _id field for a new user
+      // Also if this is a new user, associate groups with them
+      let groupPromises = []
+      if (!_id) {
+        _id = builtUser._id!
+
+        if (userGroups.length > 0) {
+          for (let groupId of userGroups) {
+            groupPromises.push(UserDB.groups.addUsers(groupId, [_id!]))
+          }
+        }
+      }
+
+      try {
+        // save the user to db
+        let response = await db.put(builtUser)
+        builtUser._rev = response.rev
+
+        await eventHelpers.handleSaveEvents(builtUser, dbUser)
+        await platform.users.addUser(tenantId, builtUser._id!, builtUser.email)
+        await cache.user.invalidateUser(response.id)
+
+        await Promise.all(groupPromises)
+
+        // finally returned the saved user from the db
+        return db.get(builtUser._id!)
+      } catch (err: any) {
+        if (err.status === 409) {
+          throw "User exists already"
+        } else {
+          throw err
+        }
+      }
+    })
+  }
+
+  static async bulkCreate(
+    newUsersRequested: User[],
+    groups: string[]
+  ): Promise<BulkUserCreated> {
+    const tenantId = getTenantId()
+
+    let usersToSave: any[] = []
+    let newUsers: any[] = []
+
+    const emails = newUsersRequested.map((user: User) => user.email)
+    const existingEmails = await searchExistingEmails(emails)
+    const unsuccessful: { email: string; reason: string }[] = []
+
+    for (const newUser of newUsersRequested) {
+      if (
+        newUsers.find(
+          (x: User) => x.email.toLowerCase() === newUser.email.toLowerCase()
+        ) ||
+        existingEmails.includes(newUser.email.toLowerCase())
+      ) {
+        unsuccessful.push({
+          email: newUser.email,
+          reason: `Unavailable`,
+        })
+        continue
+      }
+      newUser.userGroups = groups
+      newUsers.push(newUser)
+    }
+
+    const account = await accountSdk.getAccountByTenantId(tenantId)
+    return UserDB.quotas.addUsers(newUsers.length, async () => {
+      // create the promises array that will be called by bulkDocs
+      newUsers.forEach((user: any) => {
+        usersToSave.push(
+          UserDB.buildUser(
+            user,
+            {
+              hashPassword: true,
+              requirePassword: user.requirePassword,
+            },
+            tenantId,
+            undefined, // no dbUser
+            account
+          )
+        )
+      })
+
+      const usersToBulkSave = await Promise.all(usersToSave)
+      await usersCore.bulkUpdateGlobalUsers(usersToBulkSave)
+
+      // Post-processing of bulk added users, e.g. events and cache operations
+      for (const user of usersToBulkSave) {
+        // TODO: Refactor to bulk insert users into the info db
+        // instead of relying on looping tenant creation
+        await platform.users.addUser(tenantId, user._id, user.email)
+        await eventHelpers.handleSaveEvents(user, undefined)
+      }
+
+      const saved = usersToBulkSave.map(user => {
+        return {
+          _id: user._id,
+          email: user.email,
+        }
+      })
+
+      // now update the groups
+      if (Array.isArray(saved) && groups) {
+        const groupPromises = []
+        const createdUserIds = saved.map(user => user._id)
+        for (let groupId of groups) {
+          groupPromises.push(UserDB.groups.addUsers(groupId, createdUserIds))
+        }
+        await Promise.all(groupPromises)
+      }
+
+      return {
+        successful: saved,
+        unsuccessful,
+      }
+    })
+  }
+
+  static async bulkDelete(userIds: string[]): Promise<BulkUserDeleted> {
+    const db = getGlobalDB()
+
+    const response: BulkUserDeleted = {
+      successful: [],
+      unsuccessful: [],
+    }
+
+    // remove the account holder from the delete request if present
+    const account = await getAccountHolderFromUserIds(userIds)
+    if (account) {
+      userIds = userIds.filter(u => u !== account.budibaseUserId)
+      // mark user as unsuccessful
+      response.unsuccessful.push({
+        _id: account.budibaseUserId,
+        email: account.email,
+        reason: "Account holder cannot be deleted",
+      })
+    }
+
+    // Get users and delete
+    const allDocsResponse: AllDocsResponse<User> = await db.allDocs({
+      include_docs: true,
+      keys: userIds,
+    })
+    const usersToDelete: User[] = allDocsResponse.rows.map(
+      (user: RowResponse<User>) => {
+        return user.doc
+      }
+    )
+
+    // Delete from DB
+    const toDelete = usersToDelete.map(user => ({
+      ...user,
+      _deleted: true,
+    }))
+    const dbResponse = await usersCore.bulkUpdateGlobalUsers(toDelete)
+
+    await UserDB.quotas.removeUsers(toDelete.length)
+    for (let user of usersToDelete) {
+      await bulkDeleteProcessing(user)
+    }
+
+    // Build Response
+    // index users by id
+    const userIndex: { [key: string]: User } = {}
+    usersToDelete.reduce((prev, current) => {
+      prev[current._id!] = current
+      return prev
+    }, userIndex)
+
+    // add the successful and unsuccessful users to response
+    dbResponse.forEach(item => {
+      const email = userIndex[item.id].email
+      if (item.ok) {
+        response.successful.push({ _id: item.id, email })
+      } else {
+        response.unsuccessful.push({
+          _id: item.id,
+          email,
+          reason: "Database error",
+        })
+      }
+    })
+
+    return response
+  }
+
+  static async destroy(id: string) {
+    const db = getGlobalDB()
+    const dbUser = (await db.get(id)) as User
+    const userId = dbUser._id as string
+
+    if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
+      // root account holder can't be deleted from inside budibase
+      const email = dbUser.email
+      const account = await accounts.getAccount(email)
+      if (account) {
+        if (dbUser.userId === getIdentity()!._id) {
+          throw new HTTPError('Please visit "Account" to delete this user', 400)
+        } else {
+          throw new HTTPError("Account holder cannot be deleted", 400)
+        }
+      }
+    }
+
+    await platform.users.removeUser(dbUser)
+
+    await db.remove(userId, dbUser._rev)
+
+    await UserDB.quotas.removeUsers(1)
+    await eventHelpers.handleDeleteEvents(dbUser)
+    await cache.user.invalidateUser(userId)
+    await sessions.invalidateSessions(userId, { reason: "deletion" })
+  }
+}
--- a/packages/backend-core/src/users/events.ts
+++ b/packages/backend-core/src/users/events.ts
@ -1,15 +1,18 @@
-import env from "../../environment"
-import { events, accounts, tenancy } from "@budibase/backend-core"
+import env from "../environment"
+import * as events from "../events"
+import * as accounts from "../accounts"
+import { getTenantId } from "../context"
 import { User, UserRoles, CloudAccount } from "@budibase/types"
+import { hasBuilderPermissions, hasAdminPermissions } from "./utils"

 export const handleDeleteEvents = async (user: any) => {
  await events.user.deleted(user)

-  if (isBuilder(user)) {
+  if (hasBuilderPermissions(user)) {
    await events.user.permissionBuilderRemoved(user)
  }

-  if (isAdmin(user)) {
+  if (hasAdminPermissions(user)) {
    await events.user.permissionAdminRemoved(user)
  }
 }
@ -55,7 +58,7 @@ export const handleSaveEvents = async (
  user: User,
  existingUser: User | undefined
 ) => {
-  const tenantId = tenancy.getTenantId()
+  const tenantId = getTenantId()
  let tenantAccount: CloudAccount | undefined
  if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
    tenantAccount = await accounts.getAccountByTenantId(tenantId)
@ -103,23 +106,20 @@ export const handleSaveEvents = async (
  await handleAppRoleEvents(user, existingUser)
 }

-const isBuilder = (user: any) => user.builder && user.builder.global
-const isAdmin = (user: any) => user.admin && user.admin.global
-
 export const isAddingBuilder = (user: any, existingUser: any) => {
-  return isAddingPermission(user, existingUser, isBuilder)
+  return isAddingPermission(user, existingUser, hasBuilderPermissions)
 }

 export const isRemovingBuilder = (user: any, existingUser: any) => {
-  return isRemovingPermission(user, existingUser, isBuilder)
+  return isRemovingPermission(user, existingUser, hasBuilderPermissions)
 }

 const isAddingAdmin = (user: any, existingUser: any) => {
-  return isAddingPermission(user, existingUser, isAdmin)
+  return isAddingPermission(user, existingUser, hasAdminPermissions)
 }

 const isRemovingAdmin = (user: any, existingUser: any) => {
-  return isRemovingPermission(user, existingUser, isAdmin)
+  return isRemovingPermission(user, existingUser, hasAdminPermissions)
 }

 const isOnboardingComplete = (user: any, existingUser: any) => {
--- a/packages/backend-core/src/users/index.ts
+++ b/packages/backend-core/src/users/index.ts
@ -0,0 +1,4 @@
+export * from "./users"
+export * from "./utils"
+export * from "./lookup"
+export { UserDB } from "./db"
--- a/packages/backend-core/src/users/lookup.ts
+++ b/packages/backend-core/src/users/lookup.ts
@ -0,0 +1,102 @@
+import {
+  AccountMetadata,
+  PlatformUser,
+  PlatformUserByEmail,
+  User,
+} from "@budibase/types"
+import * as dbUtils from "../db"
+import { ViewName } from "../constants"
+
+/**
+ * Apply a system-wide search on emails:
+ * - in tenant
+ * - cross tenant
+ * - accounts
+ * return an array of emails that match the supplied emails.
+ */
+export async function searchExistingEmails(emails: string[]) {
+  let matchedEmails: string[] = []
+
+  const existingTenantUsers = await getExistingTenantUsers(emails)
+  matchedEmails.push(...existingTenantUsers.map(user => user.email))
+
+  const existingPlatformUsers = await getExistingPlatformUsers(emails)
+  matchedEmails.push(...existingPlatformUsers.map(user => user._id!))
+
+  const existingAccounts = await getExistingAccounts(emails)
+  matchedEmails.push(...existingAccounts.map(account => account.email))
+
+  return [...new Set(matchedEmails.map(email => email.toLowerCase()))]
+}
+
+// lookup, could be email or userId, either will return a doc
+export async function getPlatformUser(
+  identifier: string
+): Promise<PlatformUser | null> {
+  // use the view here and allow to find anyone regardless of casing
+  // Use lowercase to ensure email login is case insensitive
+  return (await dbUtils.queryPlatformView(ViewName.PLATFORM_USERS_LOWERCASE, {
+    keys: [identifier.toLowerCase()],
+    include_docs: true,
+  })) as PlatformUser
+}
+
+export async function getExistingTenantUsers(
+  emails: string[]
+): Promise<User[]> {
+  const lcEmails = emails.map(email => email.toLowerCase())
+  const params = {
+    keys: lcEmails,
+    include_docs: true,
+  }
+
+  const opts = {
+    arrayResponse: true,
+  }
+
+  return (await dbUtils.queryGlobalView(
+    ViewName.USER_BY_EMAIL,
+    params,
+    undefined,
+    opts
+  )) as User[]
+}
+
+export async function getExistingPlatformUsers(
+  emails: string[]
+): Promise<PlatformUserByEmail[]> {
+  const lcEmails = emails.map(email => email.toLowerCase())
+  const params = {
+    keys: lcEmails,
+    include_docs: true,
+  }
+
+  const opts = {
+    arrayResponse: true,
+  }
+  return (await dbUtils.queryPlatformView(
+    ViewName.PLATFORM_USERS_LOWERCASE,
+    params,
+    opts
+  )) as PlatformUserByEmail[]
+}
+
+export async function getExistingAccounts(
+  emails: string[]
+): Promise<AccountMetadata[]> {
+  const lcEmails = emails.map(email => email.toLowerCase())
+  const params = {
+    keys: lcEmails,
+    include_docs: true,
+  }
+
+  const opts = {
+    arrayResponse: true,
+  }
+
+  return (await dbUtils.queryPlatformView(
+    ViewName.ACCOUNT_BY_EMAIL,
+    params,
+    opts
+  )) as AccountMetadata[]
+}
--- a/packages/backend-core/src/users/users.ts
+++ b/packages/backend-core/src/users/users.ts
@ -11,10 +11,16 @@ import {
  SEPARATOR,
  UNICODE_MAX,
  ViewName,
-} from "./db"
-import { BulkDocsResponse, SearchUsersRequest, User } from "@budibase/types"
-import { getGlobalDB } from "./context"
-import * as context from "./context"
+} from "../db"
+import {
+  BulkDocsResponse,
+  SearchUsersRequest,
+  User,
+  ContextUser,
+} from "@budibase/types"
+import { getGlobalDB } from "../context"
+import * as context from "../context"
+import { user as userCache } from "../cache"

 type GetOpts = { cleanup?: boolean }

@ -178,7 +184,7 @@ export const getGlobalUserByAppPage = (appId: string, user: User) => {
 * Performs a starts with search on the global email view.
 */
 export const searchGlobalUsersByEmail = async (
-  email: string,
+  email: string | unknown,
  opts: any,
  getOpts?: GetOpts
 ) => {
@ -248,3 +254,23 @@ export async function getUserCount() {
  })
  return response.total_rows
 }
+
+// used to remove the builder/admin permissions, for processing the
+// user as an app user (they may have some specific role/group
+export function removePortalUserPermissions(user: User | ContextUser) {
+  delete user.admin
+  delete user.builder
+  return user
+}
+
+export function cleanseUserObject(user: User | ContextUser, base?: User) {
+  delete user.admin
+  delete user.builder
+  delete user.roles
+  if (base) {
+    user.admin = base.admin
+    user.builder = base.builder
+    user.roles = base.roles
+  }
+  return user
+}
--- a/packages/backend-core/src/users/utils.ts
+++ b/packages/backend-core/src/users/utils.ts
@ -0,0 +1,55 @@
+import { CloudAccount } from "@budibase/types"
+import * as accountSdk from "../accounts"
+import env from "../environment"
+import { getPlatformUser } from "./lookup"
+import { EmailUnavailableError } from "../errors"
+import { getTenantId } from "../context"
+import { sdk } from "@budibase/shared-core"
+import { getAccountByTenantId } from "../accounts"
+
+// extract from shared-core to make easily accessible from backend-core
+export const isBuilder = sdk.users.isBuilder
+export const isAdmin = sdk.users.isAdmin
+export const isGlobalBuilder = sdk.users.isGlobalBuilder
+export const isAdminOrBuilder = sdk.users.isAdminOrBuilder
+export const hasAdminPermissions = sdk.users.hasAdminPermissions
+export const hasBuilderPermissions = sdk.users.hasBuilderPermissions
+export const hasAppBuilderPermissions = sdk.users.hasAppBuilderPermissions
+
+export async function validateUniqueUser(email: string, tenantId: string) {
+  // check budibase users in other tenants
+  if (env.MULTI_TENANCY) {
+    const tenantUser = await getPlatformUser(email)
+    if (tenantUser != null && tenantUser.tenantId !== tenantId) {
+      throw new EmailUnavailableError(email)
+    }
+  }
+
+  // check root account users in account portal
+  if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
+    const account = await accountSdk.getAccount(email)
+    if (account && account.verified && account.tenantId !== tenantId) {
+      throw new EmailUnavailableError(email)
+    }
+  }
+}
+
+/**
+ * For the given user id's, return the account holder if it is in the ids.
+ */
+export async function getAccountHolderFromUserIds(
+  userIds: string[]
+): Promise<CloudAccount | undefined> {
+  if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
+    const tenantId = getTenantId()
+    const account = await getAccountByTenantId(tenantId)
+    if (!account) {
+      throw new Error(`Account not found for tenantId=${tenantId}`)
+    }
+
+    const budibaseUserId = account.budibaseUserId
+    if (userIds.includes(budibaseUserId)) {
+      return account
+    }
+  }
+}
--- a/packages/backend-core/tests/core/utilities/mocks/events.ts
+++ b/packages/backend-core/tests/core/utilities/mocks/events.ts
@ -1,5 +1,3 @@
-import * as events from "../../../../src/events"
-
 beforeAll(async () => {
  const processors = await import("../../../../src/events/processors")
  const events = await import("../../../../src/events")
--- a/packages/backend-core/tests/core/utilities/mocks/licenses.ts
+++ b/packages/backend-core/tests/core/utilities/mocks/licenses.ts
@ -94,6 +94,10 @@ export const useSyncAutomations = () => {
  return useFeature(Feature.SYNC_AUTOMATIONS)
 }

+export const useAppBuilders = () => {
+  return useFeature(Feature.APP_BUILDERS)
+}
+
 // QUOTAS

 export const setAutomationLogsQuota = (value: number) => {
--- a/packages/backend-core/tests/core/utilities/structures/users.ts
+++ b/packages/backend-core/tests/core/utilities/structures/users.ts
@ -1,5 +1,6 @@
 import {
  AdminUser,
+  AdminOnlyUser,
  BuilderUser,
  SSOAuthDetails,
  SSOUser,
@ -21,6 +22,15 @@ export const adminUser = (userProps?: any): AdminUser => {
  }
 }

+export const adminOnlyUser = (userProps?: any): AdminOnlyUser => {
+  return {
+    ...user(userProps),
+    admin: {
+      global: true,
+    },
+  }
+}
+
 export const builderUser = (userProps?: any): BuilderUser => {
  return {
    ...user(userProps),
@ -30,6 +40,15 @@ export const builderUser = (userProps?: any): BuilderUser => {
  }
 }

+export const appBuilderUser = (appId: string, userProps?: any): BuilderUser => {
+  return {
+    ...user(userProps),
+    builder: {
+      apps: [appId],
+    },
+  }
+}
+
 export function ssoUser(
  opts: { user?: any; details?: SSOAuthDetails } = {}
 ): SSOUser {
--- a/packages/backend-core/tsconfig.json
+++ b/packages/backend-core/tsconfig.json
@ -4,9 +4,9 @@
    "composite": true,
    "baseUrl": ".",
    "paths": {
-      "@budibase/types": ["../types/src"]
+      "@budibase/types": ["../types/src"],
+      "@budibase/shared-core": ["../shared-core/src"]
    }
  },
-
  "exclude": ["node_modules", "dist"]
 }
--- a/packages/bbui/package.json
+++ b/packages/bbui/package.json
@ -98,13 +98,13 @@
          {
            "projects": [
              "@budibase/string-templates",
-              "@budibase/shared-core"
+              "@budibase/shared-core",
+              "@budibase/types"
            ],
            "target": "build"
          }
        ]
      }
    }
-  },
-  "gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc"
+  }
 }
--- a/packages/builder/package.json
+++ b/packages/builder/package.json
@ -133,8 +133,21 @@
        "dependsOn": [
          {
            "projects": [
+              "@budibase/shared-core",
              "@budibase/string-templates",
-              "@budibase/shared-core"
+              "@budibase/types"
+            ],
+            "target": "build"
+          }
+        ]
+      },
+      "dev:builder": {
+        "dependsOn": [
+          {
+            "projects": [
+              "@budibase/shared-core",
+              "@budibase/string-templates",
+              "@budibase/types"
            ],
            "target": "build"
          }
@ -145,13 +158,13 @@
          {
            "projects": [
              "@budibase/shared-core",
-              "@budibase/string-templates"
+              "@budibase/string-templates",
+              "@budibase/types"
            ],
            "target": "build"
          }
        ]
      }
    }
-  },
-  "gitHead": "115189f72a850bfb52b65ec61d932531bf327072"
+  }
 }
--- a/packages/builder/src/components/automation/SetupPanel/AutomationBlockSetup.svelte
+++ b/packages/builder/src/components/automation/SetupPanel/AutomationBlockSetup.svelte
@ -108,7 +108,10 @@
  /****************************************************/

  const getInputData = (testData, blockInputs) => {
-    let newInputData = testData || blockInputs
+    // Test data is not cloned for reactivity
+    let newInputData = testData || cloneDeep(blockInputs)
+
+    // Ensures the app action fields are populated
    if (block.event === "app:trigger" && !newInputData?.fields) {
      newInputData = cloneDeep(blockInputs)
    }
--- a/packages/builder/src/components/automation/SetupPanel/QueryParamSelector.svelte
+++ b/packages/builder/src/components/automation/SetupPanel/QueryParamSelector.svelte
@ -50,6 +50,7 @@
        type="string"
        {bindings}
        fillWidth={true}
+        updateOnChange={false}
      />
    {/each}
  </div>
--- a/packages/builder/src/components/start/AppRow.svelte
+++ b/packages/builder/src/components/start/AppRow.svelte
@ -1,16 +1,21 @@
 <script>
  import { Heading, Body, Button, Icon } from "@budibase/bbui"
  import { processStringSync } from "@budibase/string-templates"
+  import { auth } from "stores/portal"
  import { goto } from "@roxi/routify"
  import { UserAvatars } from "@budibase/frontend-core"
+  import { sdk } from "@budibase/shared-core"

  export let app
  export let lockedAction

  $: editing = app.sessions?.length
+  $: isBuilder = sdk.users.isBuilder($auth.user, app?.devId)

  const handleDefaultClick = () => {
-    if (window.innerWidth < 640) {
+    if (!isBuilder) {
+      goToApp()
+    } else if (window.innerWidth < 640) {
      goToOverview()
    } else {
      goToBuilder()
@ -24,6 +29,10 @@
  const goToOverview = () => {
    $goto(`../../app/${app.devId}/settings`)
  }
+
+  const goToApp = () => {
+    window.open(`/app/${app.name}`, "_blank")
+  }
 </script>

 <div class="app-row" on:click={lockedAction || handleDefaultClick}>
@ -39,7 +48,7 @@
  </div>

  <div class="updated">
-    {#if editing}
+    {#if editing && isBuilder}
      Currently editing
      <UserAvatars users={app.sessions} />
    {:else if app.updatedAt}
@ -56,14 +65,21 @@
    <Body size="S">{app.deployed ? "Published" : "Unpublished"}</Body>
  </div>

-  <div class="app-row-actions">
-    <Button size="S" secondary on:click={lockedAction || goToOverview}>
-      Manage
-    </Button>
-    <Button size="S" primary on:click={lockedAction || goToBuilder}>
-      Edit
-    </Button>
-  </div>
+  {#if isBuilder}
+    <div class="app-row-actions">
+      <Button size="S" secondary on:click={lockedAction || goToOverview}>
+        Manage
+      </Button>
+      <Button size="S" primary on:click={lockedAction || goToBuilder}>
+        Edit
+      </Button>
+    </div>
+  {:else}
+    <!-- this can happen if an app builder has app user access to an app -->
+    <div class="app-row-actions">
+      <Button size="S" secondary>View</Button>
+    </div>
+  {/if}
 </div>

 <style>
--- a/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
@ -12,12 +12,12 @@
  } from "@budibase/bbui"
  import { store } from "builderStore"
  import { groups, licensing, apps, users, auth, admin } from "stores/portal"
-  import { fetchData } from "@budibase/frontend-core"
+  import { fetchData, Constants, Utils } from "@budibase/frontend-core"
+  import { sdk } from "@budibase/shared-core"
  import { API } from "api"
  import GroupIcon from "../../../portal/users/groups/_components/GroupIcon.svelte"
  import RoleSelect from "components/common/RoleSelect.svelte"
  import UpgradeModal from "components/common/users/UpgradeModal.svelte"
-  import { Constants, Utils } from "@budibase/frontend-core"
  import { emailValidator } from "helpers/validation"
  import { roles } from "stores/backend"
  import { fly } from "svelte/transition"
@ -108,9 +108,9 @@
    await usersFetch.refresh()

    filteredUsers = $usersFetch.rows.map(user => {
-      const isBuilderOrAdmin = user.admin?.global || user.builder?.global
+      const isAdminOrBuilder = sdk.users.isAdminOrBuilder(user, prodAppId)
      let role = undefined
-      if (isBuilderOrAdmin) {
+      if (isAdminOrBuilder) {
        role = Constants.Roles.ADMIN
      } else {
        const appRole = Object.keys(user.roles).find(x => x === prodAppId)
@ -122,7 +122,7 @@
      return {
        ...user,
        role,
-        isBuilderOrAdmin,
+        isAdminOrBuilder,
      }
    })
  }
@ -258,7 +258,7 @@
    }
    // Must exclude users who have explicit privileges
    const userByEmail = filteredUsers.reduce((acc, user) => {
-      if (user.role || user.admin?.global || user.builder?.global) {
+      if (user.role || sdk.users.isAdminOrBuilder(user, prodAppId)) {
        acc.push(user.email)
      }
      return acc
@ -389,9 +389,9 @@
  }

  const userTitle = user => {
-    if (user.admin?.global) {
+    if (sdk.users.isAdmin(user)) {
      return "Admin"
-    } else if (user.builder?.global) {
+    } else if (sdk.users.isBuilder(user, prodAppId)) {
      return "Developer"
    } else {
      return "App user"
@ -403,7 +403,7 @@
      const role = $roles.find(role => role._id === user.role)
      return `This user has been given ${role?.name} access from the ${user.group} group`
    }
-    if (user.isBuilderOrAdmin) {
+    if (user.isAdminOrBuilder) {
      return "This user's role grants admin access to all apps"
    }
    return null
@ -614,7 +614,7 @@
                    }}
                    autoWidth
                    align="right"
-                    allowedRoles={user.isBuilderOrAdmin
+                    allowedRoles={user.isAdminOrBuilder
                      ? [Constants.Roles.ADMIN]
                      : null}
                  />
--- a/packages/builder/src/pages/builder/app/[application]/data/_layout.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/data/_layout.svelte
@ -2,14 +2,15 @@
  import { Button, Layout } from "@budibase/bbui"
  import DatasourceNavigator from "components/backend/DatasourceNavigator/DatasourceNavigator.svelte"
  import Panel from "components/design/Panel.svelte"
-  import { isActive, goto, redirect } from "@roxi/routify"
+  import { isActive, redirect, goto, params } from "@roxi/routify"
  import BetaButton from "./_components/BetaButton.svelte"
  import { datasources } from "stores/backend"

  $: {
    // If we ever don't have any data other than the users table, prompt the
    // user to add some
-    if (!$datasources.hasData) {
+    // Don't redirect if setting up google sheets, or we lose the query parameter
+    if (!$datasources.hasData && !$params["?continue_google_setup"]) {
      $redirect("./new")
    }
  }
--- a/packages/builder/src/pages/builder/app/[application]/settings/_layout.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/settings/_layout.svelte
@ -4,6 +4,8 @@
  import { url, isActive } from "@roxi/routify"
  import DeleteModal from "components/deploy/DeleteModal.svelte"
  import { isOnlyUser } from "builderStore"
+  import { auth } from "stores/portal"
+  import { sdk } from "@budibase/shared-core"

  let deleteModal
 </script>
@ -44,22 +46,24 @@
            url={$url("./version")}
            active={$isActive("./version")}
          />
-          <div class="delete-action">
-            <AbsTooltip
-              position={TooltipPosition.Bottom}
-              text={$isOnlyUser
-                ? null
-                : "Unavailable - another user is editing this app"}
-            >
-              <SideNavItem
-                text="Delete app"
-                disabled={!$isOnlyUser}
-                on:click={() => {
-                  deleteModal.show()
-                }}
-              />
-            </AbsTooltip>
-          </div>
+          {#if sdk.users.isGlobalBuilder($auth.user)}
+            <div class="delete-action">
+              <AbsTooltip
+                position={TooltipPosition.Bottom}
+                text={$isOnlyUser
+                  ? null
+                  : "Unavailable - another user is editing this app"}
+              >
+                <SideNavItem
+                  text="Delete app"
+                  disabled={!$isOnlyUser}
+                  on:click={() => {
+                    deleteModal.show()
+                  }}
+                />
+              </AbsTooltip>
+            </div>
+          {/if}
        </SideNav>
        <slot />
      </Content>
--- a/packages/builder/src/pages/builder/apps/index.svelte
+++ b/packages/builder/src/pages/builder/apps/index.svelte
@ -22,53 +22,39 @@
  import Spaceman from "assets/bb-space-man.svg"
  import Logo from "assets/bb-emblem.svg"
  import { UserAvatar } from "@budibase/frontend-core"
-  import { helpers } from "@budibase/shared-core"
+  import { helpers, sdk } from "@budibase/shared-core"

  let loaded = false
  let userInfoModal
  let changePasswordModal

-  onMount(async () => {
-    try {
-      await organisation.init()
-      await apps.load()
-      await groups.actions.init()
-    } catch (error) {
-      notifications.error("Error loading apps")
-    }
-    loaded = true
-  })
-  const publishedAppsOnly = app => app.status === AppStatus.DEPLOYED
-
  $: userGroups = $groups.filter(group =>
    group.users.find(user => user._id === $auth.user?._id)
  )
-  let userApps = []
-  $: publishedApps = $apps.filter(publishedAppsOnly)
+  $: publishedApps = $apps.filter(app => app.status === AppStatus.DEPLOYED)
+  $: userApps = getUserApps(publishedApps, userGroups, $auth.user)

-  $: {
-    if (!Object.keys($auth.user?.roles).length && $auth.user?.userGroups) {
-      userApps =
-        $auth.user?.builder?.global || $auth.user?.admin?.global
-          ? publishedApps
-          : publishedApps.filter(app => {
-              return userGroups.find(group => {
-                return groups.actions
-                  .getGroupAppIds(group)
-                  .map(role => apps.extractAppId(role))
-                  .includes(app.appId)
-              })
-            })
-    } else {
-      userApps =
-        $auth.user?.builder?.global || $auth.user?.admin?.global
-          ? publishedApps
-          : publishedApps.filter(app =>
-              Object.keys($auth.user?.roles)
-                .map(x => apps.extractAppId(x))
-                .includes(app.appId)
-            )
+  function getUserApps(publishedApps, userGroups, user) {
+    if (sdk.users.isAdmin(user)) {
+      return publishedApps
    }
+    return publishedApps.filter(app => {
+      if (sdk.users.isBuilder(user, app.appId)) {
+        return true
+      }
+      if (!Object.keys(user?.roles).length && user?.userGroups) {
+        return userGroups.find(group => {
+          return groups.actions
+            .getGroupAppIds(group)
+            .map(role => apps.extractAppId(role))
+            .includes(app.appId)
+        })
+      } else {
+        return Object.keys($auth.user?.roles)
+          .map(x => apps.extractAppId(x))
+          .includes(app.appId)
+      }
+    })
  }

  function getUrl(app) {
@ -86,6 +72,17 @@
      // Swallow error and do nothing
    }
  }
+
+  onMount(async () => {
+    try {
+      await organisation.init()
+      await apps.load()
+      await groups.actions.init()
+    } catch (error) {
+      notifications.error("Error loading apps")
+    }
+    loaded = true
+  })
 </script>

 {#if $auth.user && loaded}
@ -109,7 +106,7 @@
              >
                Update password
              </MenuItem>
-              {#if $auth.isBuilder}
+              {#if sdk.users.hasBuilderPermissions($auth.user)}
                <MenuItem
                  icon="UserDeveloper"
                  on:click={() => $goto("../portal")}
--- a/packages/builder/src/pages/builder/index.svelte
+++ b/packages/builder/src/pages/builder/index.svelte
@ -1,11 +1,12 @@
 <script>
  import { redirect } from "@roxi/routify"
  import { auth } from "stores/portal"
+  import { sdk } from "@budibase/shared-core"

  auth.checkQueryString()

  $: {
-    if ($auth.user?.builder?.global) {
+    if (sdk.users.hasBuilderPermissions($auth.user)) {
      $redirect(`./portal`)
    } else if ($auth.user) {
      $redirect(`./apps`)
--- a/packages/builder/src/pages/builder/portal/_components/UpgradeButton.svelte
+++ b/packages/builder/src/pages/builder/portal/_components/UpgradeButton.svelte
@ -3,6 +3,7 @@
  import { goto } from "@roxi/routify"
  import { auth, admin, licensing } from "stores/portal"
  import { isEnabled, TENANT_FEATURE_FLAGS } from "helpers/featureFlags"
+  import { sdk } from "@budibase/shared-core"
 </script>

 {#if isEnabled(TENANT_FEATURE_FLAGS.LICENSING) && !$licensing.isEnterprisePlan}
@ -17,7 +18,7 @@
    >
      Upgrade
    </Button>
-  {:else if !$admin.cloud && $auth.isAdmin}
+  {:else if !$admin.cloud && sdk.users.isAdmin($auth.user)}
    <Button
      cta
      size="S"
--- a/packages/builder/src/pages/builder/portal/_layout.svelte
+++ b/packages/builder/src/pages/builder/portal/_layout.svelte
@ -8,13 +8,14 @@
  import Logo from "./_components/Logo.svelte"
  import UserDropdown from "./_components/UserDropdown.svelte"
  import HelpMenu from "components/common/HelpMenu.svelte"
+  import { sdk } from "@budibase/shared-core"

  let loaded = false
  let mobileMenuVisible = false
  let activeTab = "Apps"

  $: $url(), updateActiveTab($menu)
-  $: fullscreen = !$apps.length
+  $: isOnboarding = !$apps.length && sdk.users.isGlobalBuilder($auth.user)

  const updateActiveTab = menu => {
    for (let entry of menu) {
@ -33,7 +34,7 @@
  onMount(async () => {
    // Prevent non-builders from accessing the portal
    if ($auth.user) {
-      if (!$auth.user?.builder?.global) {
+      if (!sdk.users.hasBuilderPermissions($auth.user)) {
        $redirect("../")
      } else {
        try {
@ -49,7 +50,7 @@
 </script>

 {#if $auth.user && loaded}
-  {#if fullscreen}
+  {#if isOnboarding}
    <slot />
  {:else}
    <HelpMenu />
--- a/packages/builder/src/pages/builder/portal/account/upgrade.svelte
+++ b/packages/builder/src/pages/builder/portal/account/upgrade.svelte
@ -19,6 +19,7 @@
  import DeleteLicenseKeyModal from "../../../../components/portal/licensing/DeleteLicenseKeyModal.svelte"
  import { API } from "api"
  import { onMount } from "svelte"
+  import { sdk } from "@budibase/shared-core"

  $: license = $auth.user.license
  $: upgradeUrl = `${$admin.accountPortalUrl}/portal/upgrade`
@ -176,7 +177,7 @@
  })
 </script>

-{#if $auth.isAdmin}
+{#if sdk.users.isAdmin($auth.user)}
  <DeleteLicenseKeyModal
    bind:this={deleteLicenseKeyModal}
    onConfirm={deleteLicenseKey}
--- a/packages/builder/src/pages/builder/portal/account/usage.svelte
+++ b/packages/builder/src/pages/builder/portal/account/usage.svelte
@ -14,6 +14,7 @@
  import { Constants } from "@budibase/frontend-core"
  import { DashCard, Usage } from "components/usage"
  import { PlanModel } from "constants"
+  import { sdk } from "@budibase/shared-core"

  let staticUsage = []
  let monthlyUsage = []
@ -51,7 +52,8 @@
  $: accountPortalAccess = $auth?.user?.accountPortalAccess
  $: quotaReset = quotaUsage?.quotaReset
  $: canManagePlan =
-    ($admin.cloud && accountPortalAccess) || (!$admin.cloud && $auth.isAdmin)
+    ($admin.cloud && accountPortalAccess) ||
+    (!$admin.cloud && sdk.users.isAdmin($auth.user))

  $: showButton = !usesInvoicing && accountPortalAccess

--- a/packages/builder/src/pages/builder/portal/apps/_layout.svelte
+++ b/packages/builder/src/pages/builder/portal/apps/_layout.svelte
@ -1,11 +1,19 @@
 <script>
  import { notifications } from "@budibase/bbui"
-  import { admin, apps, templates, licensing, groups } from "stores/portal"
+  import {
+    admin,
+    apps,
+    templates,
+    licensing,
+    groups,
+    auth,
+  } from "stores/portal"
  import { onMount } from "svelte"
  import { redirect } from "@roxi/routify"
+  import { sdk } from "@budibase/shared-core"

  // Don't block loading if we've already hydrated state
-  let loaded = $apps.length > 0
+  let loaded = $apps.length != null

  onMount(async () => {
    try {
@ -25,7 +33,7 @@
      }

      // Go to new app page if no apps exists
-      if (!$apps.length) {
+      if (!$apps.length && sdk.users.isGlobalBuilder($auth.user)) {
        $redirect("./onboarding")
      }
    } catch (error) {
--- a/packages/builder/src/pages/builder/portal/apps/index.svelte
+++ b/packages/builder/src/pages/builder/portal/apps/index.svelte
@ -15,6 +15,7 @@
  import CreateAppModal from "components/start/CreateAppModal.svelte"
  import AppLimitModal from "components/portal/licensing/AppLimitModal.svelte"
  import AccountLockedModal from "components/portal/licensing/AccountLockedModal.svelte"
+  import { sdk } from "@budibase/shared-core"

  import { store, automationStore } from "builderStore"
  import { API } from "api"
@ -203,40 +204,40 @@
  })
 </script>

-{#if $apps.length}
-  <Page>
-    <Layout noPadding gap="L">
-      {#each Object.keys(automationErrors || {}) as appId}
-        <Notification
-          wide
-          dismissable
-          action={() => goToAutomationError(appId)}
-          type="error"
-          icon="Alert"
-          actionMessage={errorCount(automationErrors[appId]) > 1
-            ? "View errors"
-            : "View error"}
-          on:dismiss={async () => {
-            await automationStore.actions.clearLogErrors({ appId })
-            await apps.load()
-          }}
-          message={automationErrorMessage(appId)}
-        />
-      {/each}
-      <div class="title">
-        <div class="welcome">
-          <Layout noPadding gap="XS">
-            <Heading size="L">{welcomeHeader}</Heading>
-            <Body size="M">
-              Manage your apps and get a head start with templates
-            </Body>
-          </Layout>
-        </div>
+<Page>
+  <Layout noPadding gap="L">
+    {#each Object.keys(automationErrors || {}) as appId}
+      <Notification
+        wide
+        dismissable
+        action={() => goToAutomationError(appId)}
+        type="error"
+        icon="Alert"
+        actionMessage={errorCount(automationErrors[appId]) > 1
+          ? "View errors"
+          : "View error"}
+        on:dismiss={async () => {
+          await automationStore.actions.clearLogErrors({ appId })
+          await apps.load()
+        }}
+        message={automationErrorMessage(appId)}
+      />
+    {/each}
+    <div class="title">
+      <div class="welcome">
+        <Layout noPadding gap="XS">
+          <Heading size="L">{welcomeHeader}</Heading>
+          <Body size="M">
+            Below you'll find the list of apps that you have access to
+          </Body>
+        </Layout>
      </div>
+    </div>

-      {#if enrichedApps.length}
-        <Layout noPadding gap="L">
-          <div class="title">
+    {#if enrichedApps.length}
+      <Layout noPadding gap="L">
+        <div class="title">
+          {#if $auth.user && sdk.users.isGlobalBuilder($auth.user)}
            <div class="buttons">
              <Button
                size="M"
@ -266,41 +267,46 @@
                </Button>
              {/if}
            </div>
-            {#if enrichedApps.length > 1}
-              <div class="app-actions">
-                <Select
-                  autoWidth
-                  bind:value={sortBy}
-                  placeholder={null}
-                  options={[
-                    { label: "Sort by name", value: "name" },
-                    { label: "Sort by recently updated", value: "updated" },
-                    { label: "Sort by status", value: "status" },
-                  ]}
-                />
-                <Search placeholder="Search" bind:value={searchTerm} />
-              </div>
-            {/if}
-          </div>
-
-          <div class="app-table">
-            {#each filteredApps as app (app.appId)}
-              <AppRow {app} lockedAction={usersLimitLockAction} />
-            {/each}
-          </div>
-        </Layout>
-      {/if}
-
-      {#if creatingFromTemplate}
-        <div class="empty-wrapper">
-          <img class="img-logo img-size" alt="logo" src={Logo} />
-          <p>Creating your Budibase app from your selected template...</p>
-          <Spinner size="10" />
+          {/if}
+          {#if enrichedApps.length > 1}
+            <div class="app-actions">
+              <Select
+                autoWidth
+                bind:value={sortBy}
+                placeholder={null}
+                options={[
+                  { label: "Sort by name", value: "name" },
+                  { label: "Sort by recently updated", value: "updated" },
+                  { label: "Sort by status", value: "status" },
+                ]}
+              />
+              <Search placeholder="Search" bind:value={searchTerm} />
+            </div>
+          {/if}
        </div>
-      {/if}
-    </Layout>
-  </Page>
-{/if}
+
+        <div class="app-table">
+          {#each filteredApps as app (app.appId)}
+            <AppRow {app} lockedAction={usersLimitLockAction} />
+          {/each}
+        </div>
+      </Layout>
+    {:else}
+      <div class="no-apps">
+        <img class="spaceman" alt="spaceman" src={Logo} width="100px" />
+        <Body weight="700">You haven't been given access to any apps yet</Body>
+      </div>
+    {/if}
+
+    {#if creatingFromTemplate}
+      <div class="empty-wrapper">
+        <img class="img-logo img-size" alt="logo" src={Logo} />
+        <p>Creating your Budibase app from your selected template...</p>
+        <Spinner size="10" />
+      </div>
+    {/if}
+  </Layout>
+</Page>

 <Modal
  bind:this={creationModal}
@ -368,6 +374,16 @@
    height: 160px;
  }

+  .no-apps {
+    background-color: var(--spectrum-global-color-gray-100);
+    padding: calc(var(--spacing-xl) * 2);
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    flex-direction: column;
+    gap: var(--spacing-xl);
+  }
+
  @media (max-width: 1000px) {
    .img-logo {
      display: none;
--- a/packages/builder/src/pages/builder/portal/settings/branding.svelte
+++ b/packages/builder/src/pages/builder/portal/settings/branding.svelte
@ -18,6 +18,7 @@
  import { API } from "api"
  import { onMount } from "svelte"
  import { goto } from "@roxi/routify"
+  import { sdk } from "@budibase/shared-core"

  const imageExtensions = [
    ".png",
@ -206,7 +207,7 @@
  })
 </script>

-{#if $auth.isAdmin && mounted}
+{#if sdk.users.isAdmin($auth.user) && mounted}
  <Layout noPadding>
    <Layout gap="XS" noPadding>
      <div class="title">
@ -400,7 +401,7 @@
          on:click={() => {
            if (isCloud && $auth?.user?.accountPortalAccess) {
              window.open($admin.accountPortalUrl + "/portal/upgrade", "_blank")
-            } else if ($auth.isAdmin) {
+            } else if (sdk.users.isAdmin($auth.user)) {
              $goto("/builder/portal/account/upgrade")
            }
          }}
--- a/packages/builder/src/pages/builder/portal/settings/diagnostics.svelte
+++ b/packages/builder/src/pages/builder/portal/settings/diagnostics.svelte
@ -13,6 +13,7 @@
  import { redirect } from "@roxi/routify"
  import { API } from "api"
  import { onMount } from "svelte"
+  import { sdk } from "@budibase/shared-core"

  let diagnosticInfo = ""

@ -46,7 +47,7 @@
  })
 </script>

-{#if $auth.isAdmin && diagnosticInfo}
+{#if sdk.users.isAdmin($auth.user) && diagnosticInfo}
  <Layout noPadding>
    <Layout gap="XS">
      <Heading size="M">Diagnostics</Heading>
--- a/packages/builder/src/pages/builder/portal/settings/organisation.svelte
+++ b/packages/builder/src/pages/builder/portal/settings/organisation.svelte
@ -13,10 +13,11 @@
  import { auth, organisation, admin } from "stores/portal"
  import { writable } from "svelte/store"
  import { redirect } from "@roxi/routify"
+  import { sdk } from "@budibase/shared-core"

  // Only admins allowed here
  $: {
-    if (!$auth.isAdmin) {
+    if (!sdk.users.isAdmin($auth.user)) {
      $redirect("../../portal")
    }
  }
@ -50,7 +51,7 @@
  }
 </script>

-{#if $auth.isAdmin}
+{#if sdk.users.isAdmin($auth.user)}
  <Layout noPadding>
    <Layout gap="XS" noPadding>
      <Heading size="M">Organisation</Heading>
--- a/packages/builder/src/pages/builder/portal/settings/version.svelte
+++ b/packages/builder/src/pages/builder/portal/settings/version.svelte
@ -14,6 +14,7 @@
  import { API } from "api"
  import { auth, admin } from "stores/portal"
  import { redirect } from "@roxi/routify"
+  import { sdk } from "@budibase/shared-core"

  let version
  let loaded = false
@ -25,7 +26,7 @@

  // Only admins allowed here
  $: {
-    if (!$auth.isAdmin || $admin.cloud) {
+    if (!sdk.users.isAdmin($auth.user) || $admin.cloud) {
      $redirect("../../portal")
    }
  }
@ -89,7 +90,7 @@
  })
 </script>

-{#if $auth.isAdmin}
+{#if sdk.users.isAdmin($auth.user)}
  <Layout noPadding>
    <Layout gap="XS" noPadding>
      <Heading size="M">Version</Heading>
--- a/packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte
+++ b/packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte
@ -20,6 +20,7 @@
  import CreateEditGroupModal from "./_components/CreateEditGroupModal.svelte"
  import GroupIcon from "./_components/GroupIcon.svelte"
  import GroupUsers from "./_components/GroupUsers.svelte"
+  import { sdk } from "@budibase/shared-core"

  export let groupId

@ -46,7 +47,7 @@
  let editModal, deleteModal

  $: scimEnabled = $features.isScimEnabled
-  $: readonly = !$auth.isAdmin || scimEnabled
+  $: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled
  $: group = $groups.find(x => x._id === groupId)
  $: groupApps = $apps
    .filter(app =>
--- a/packages/builder/src/pages/builder/portal/users/groups/_components/EditUserPicker.svelte
+++ b/packages/builder/src/pages/builder/portal/users/groups/_components/EditUserPicker.svelte
@ -3,6 +3,7 @@
  import UserGroupPicker from "components/settings/UserGroupPicker.svelte"
  import { createPaginationStore } from "helpers/pagination"
  import { auth, groups, users } from "stores/portal"
+  import { sdk } from "@budibase/shared-core"

  export let groupId
  export let onUsersUpdated
@ -13,7 +14,7 @@
  let prevSearch = undefined
  let pageInfo = createPaginationStore()

-  $: readonly = !$auth.isAdmin
+  $: readonly = !sdk.users.isAdmin($auth.user)
  $: page = $pageInfo.page
  $: searchUsers(page, searchTerm)
  $: group = $groups.find(x => x._id === groupId)
--- a/packages/builder/src/pages/builder/portal/users/groups/_components/GroupUsers.svelte
+++ b/packages/builder/src/pages/builder/portal/users/groups/_components/GroupUsers.svelte
@ -9,6 +9,7 @@
  import { setContext } from "svelte"
  import ScimBanner from "../../_components/SCIMBanner.svelte"
  import RemoveUserTableRenderer from "../_components/RemoveUserTableRenderer.svelte"
+  import { sdk } from "@budibase/shared-core"

  export let groupId

@ -49,7 +50,7 @@
  ]

  $: scimEnabled = $features.isScimEnabled
-  $: readonly = !$auth.isAdmin || scimEnabled
+  $: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled

  const removeUser = async id => {
    await groups.actions.removeUser(groupId, id)
--- a/packages/builder/src/pages/builder/portal/users/groups/_components/RemoveUserTableRenderer.svelte
+++ b/packages/builder/src/pages/builder/portal/users/groups/_components/RemoveUserTableRenderer.svelte
@ -2,6 +2,7 @@
  import { ActionButton } from "@budibase/bbui"
  import { getContext } from "svelte"
  import { auth } from "stores/portal"
+  import { sdk } from "@budibase/shared-core"

  export let value

@ -13,6 +14,10 @@
  }
 </script>

-<ActionButton disabled={!$auth.isAdmin} size="S" on:click={onClick}>
+<ActionButton
+  disabled={!sdk.users.isAdmin($auth.user)}
+  size="S"
+  on:click={onClick}
+>
  Remove
 </ActionButton>
--- a/packages/builder/src/pages/builder/portal/users/groups/index.svelte
+++ b/packages/builder/src/pages/builder/portal/users/groups/index.svelte
@ -22,6 +22,7 @@
  import GroupNameTableRenderer from "./_components/GroupNameTableRenderer.svelte"
  import { goto } from "@roxi/routify"
  import ScimBanner from "../_components/SCIMBanner.svelte"
+  import { sdk } from "@budibase/shared-core"

  const DefaultGroup = {
    name: "",
@ -40,7 +41,7 @@
    { column: "roles", component: GroupAppsTableRenderer },
  ]

-  $: readonly = !$auth.isAdmin
+  $: readonly = !sdk.users.isAdmin($auth.user)
  $: schema = {
    name: { displayName: "Group", width: "2fr", minWidth: "200px" },
    users: { sortable: false, width: "1fr" },
--- a/packages/builder/src/pages/builder/portal/users/users/[userId].svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/[userId].svelte
@ -31,6 +31,7 @@
  import AppNameTableRenderer from "./_components/AppNameTableRenderer.svelte"
  import AppRoleTableRenderer from "./_components/AppRoleTableRenderer.svelte"
  import ScimBanner from "../_components/SCIMBanner.svelte"
+  import { sdk } from "@budibase/shared-core"

  export let userId

@ -87,8 +88,8 @@

  $: scimEnabled = $features.isScimEnabled
  $: isSSO = !!user?.provider
-  $: readonly = !$auth.isAdmin || scimEnabled
-  $: privileged = user?.admin?.global || user?.builder?.global
+  $: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled
+  $: privileged = sdk.users.isAdminOrBuilder(user)
  $: nameLabel = getNameLabel(user)
  $: filteredGroups = getFilteredGroups($groups, searchTerm)
  $: availableApps = getAvailableApps($apps, privileged, user?.roles)
@ -97,9 +98,9 @@
      return y._id === userId
    })
  })
-  $: globalRole = user?.admin?.global
+  $: globalRole = sdk.users.isAdmin(user)
    ? "admin"
-    : user?.builder?.global
+    : sdk.users.isBuilder(user)
    ? "developer"
    : "appUser"

@ -285,7 +286,7 @@
          <div class="field">
            <Label size="L">Role</Label>
            <Select
-              disabled={!$auth.isAdmin}
+              disabled={!sdk.users.isAdmin($auth.user)}
              value={globalRole}
              options={Constants.BudibaseRoleOptions}
              on:change={updateUserRole}
--- a/packages/builder/src/pages/builder/portal/users/users/_components/AppsTableRenderer.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/AppsTableRenderer.svelte
@ -1,11 +1,12 @@
 <script>
  import { Icon } from "@budibase/bbui"
  import { apps } from "stores/portal"
+  import { sdk } from "@budibase/shared-core"

  export let value
  export let row

-  $: priviliged = row?.admin?.global || row?.builder?.global
+  $: priviliged = sdk.users.isAdminOrBuilder(row)
  $: count = priviliged ? $apps.length : value?.length || 0
 </script>

--- a/packages/builder/src/pages/builder/portal/users/users/_components/RemoveGroupTableRenderer.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/RemoveGroupTableRenderer.svelte
@ -2,6 +2,7 @@
  import { ActionButton } from "@budibase/bbui"
  import { getContext } from "svelte"
  import { auth } from "stores/portal"
+  import { sdk } from "@budibase/shared-core"

  export let value

@ -13,6 +14,10 @@
  }
 </script>

-<ActionButton disabled={!$auth.isAdmin} size="S" on:click={onClick}>
+<ActionButton
+  disabled={!sdk.users.isAdmin($auth.user)}
+  size="S"
+  on:click={onClick}
+>
  Remove
 </ActionButton>
--- a/packages/builder/src/pages/builder/portal/users/users/_components/UpdateRolesModal.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/UpdateRolesModal.svelte
@ -2,6 +2,7 @@
  import { createEventDispatcher } from "svelte"
  import { Body, Select, ModalContent, notifications } from "@budibase/bbui"
  import { users } from "stores/portal"
+  import { sdk } from "@budibase/shared-core"

  export let app
  export let user
@ -15,7 +16,7 @@
    .filter(role => role._id !== "PUBLIC")
    .map(role => ({ value: role._id, label: role.name }))

-  if (!user?.builder?.global) {
+  if (!sdk.users.isBuilder(user, app?.appId)) {
    options.push({ value: NO_ACCESS, label: "No Access" })
  }
  let selectedRole = user?.roles?.[app?._id]
--- a/packages/builder/src/pages/builder/portal/users/users/index.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/index.svelte
@ -39,6 +39,7 @@
  import { API } from "api"
  import { OnboardingType } from "../../../../../constants"
  import ScimBanner from "../_components/SCIMBanner.svelte"
+  import { sdk } from "@budibase/shared-core"

  const fetch = fetchData({
    API,
@ -66,7 +67,7 @@
  let userData = []

  $: isOwner = $auth.accountPortalAccess && $admin.cloud
-  $: readonly = !$auth.isAdmin || $features.isScimEnabled
+  $: readonly = !sdk.users.isAdmin($auth.user) || $features.isScimEnabled

  $: debouncedUpdateFetch(searchEmail)
  $: schema = {
--- a/packages/builder/src/stores/portal/auth.js
+++ b/packages/builder/src/stores/portal/auth.js
@ -2,6 +2,7 @@ import { derived, writable, get } from "svelte/store"
 import { API } from "api"
 import { admin } from "stores/portal"
 import analytics from "analytics"
+import { sdk } from "@budibase/shared-core"

 export function createAuthStore() {
  const auth = writable({
@ -13,13 +14,6 @@ export function createAuthStore() {
    postLogout: false,
  })
  const store = derived(auth, $store => {
-    let isAdmin = false
-    let isBuilder = false
-    if ($store.user) {
-      const user = $store.user
-      isAdmin = !!user.admin?.global
-      isBuilder = !!user.builder?.global
-    }
    return {
      user: $store.user,
      accountPortalAccess: $store.accountPortalAccess,
@ -27,8 +21,6 @@ export function createAuthStore() {
      tenantSet: $store.tenantSet,
      loaded: $store.loaded,
      postLogout: $store.postLogout,
-      isAdmin,
-      isBuilder,
      isSSO: !!$store.user?.provider,
    }
  })
@ -57,8 +49,8 @@ export function createAuthStore() {
              name: user.account?.name,
              user_id: user._id,
              tenant: user.tenantId,
-              admin: user?.admin?.global,
-              builder: user?.builder?.global,
+              admin: sdk.users.isAdmin(user),
+              builder: sdk.users.isBuilder(user),
              "Company size": user.account?.size,
              "Job role": user.account?.profession,
            },
--- a/packages/builder/src/stores/portal/menu.js
+++ b/packages/builder/src/stores/portal/menu.js
@ -2,8 +2,12 @@ import { derived } from "svelte/store"
 import { isEnabled, TENANT_FEATURE_FLAGS } from "helpers/featureFlags"
 import { admin } from "./admin"
 import { auth } from "./auth"
+import { sdk } from "@budibase/shared-core"

 export const menu = derived([admin, auth], ([$admin, $auth]) => {
+  const user = $auth?.user
+  const isAdmin = sdk.users.isAdmin(user)
+  const cloud = $admin?.cloud
  // Determine user sub pages
  let userSubPages = [
    {
@ -24,19 +28,21 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
      title: "Apps",
      href: "/builder/portal/apps",
    },
-    {
+  ]
+  if (sdk.users.isGlobalBuilder(user)) {
+    menu.push({
      title: "Users",
      href: "/builder/portal/users",
      subPages: userSubPages,
-    },
-    {
+    })
+    menu.push({
      title: "Plugins",
      href: "/builder/portal/plugins",
-    },
-  ]
+    })
+  }

  // Add settings page for admins
-  if ($auth.isAdmin) {
+  if (isAdmin) {
    let settingsSubPages = [
      {
        title: "Auth",
@ -59,7 +65,7 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
        href: "/builder/portal/settings/environment",
      },
    ]
-    if (!$admin.cloud) {
+    if (!cloud) {
      settingsSubPages.push({
        title: "Version",
        href: "/builder/portal/settings/version",
@ -84,38 +90,35 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
        href: "/builder/portal/account/usage",
      },
    ]
-    if ($auth.isAdmin) {
+    if (isAdmin) {
      accountSubPages.push({
        title: "Audit Logs",
        href: "/builder/portal/account/auditLogs",
      })

-      if (!$admin.cloud) {
+      if (!cloud) {
        accountSubPages.push({
          title: "System Logs",
          href: "/builder/portal/account/systemLogs",
        })
      }
    }
-    if ($admin.cloud && $auth?.user?.accountPortalAccess) {
+    if (cloud && user?.accountPortalAccess) {
      accountSubPages.push({
        title: "Upgrade",
-        href: $admin.accountPortalUrl + "/portal/upgrade",
+        href: $admin?.accountPortalUrl + "/portal/upgrade",
      })
-    } else if (!$admin.cloud && $auth.isAdmin) {
+    } else if (!cloud && isAdmin) {
      accountSubPages.push({
        title: "Upgrade",
        href: "/builder/portal/account/upgrade",
      })
    }
    // add license check here
-    if (
-      $auth?.user?.accountPortalAccess &&
-      $auth.user.account.stripeCustomerId
-    ) {
+    if (user?.accountPortalAccess && user.account.stripeCustomerId) {
      accountSubPages.push({
        title: "Billing",
-        href: $admin.accountPortalUrl + "/portal/billing",
+        href: $admin?.accountPortalUrl + "/portal/billing",
      })
    }
    menu.push({
--- a/packages/builder/src/stores/portal/users.js
+++ b/packages/builder/src/stores/portal/users.js
@ -2,6 +2,7 @@ import { writable } from "svelte/store"
 import { API } from "api"
 import { update } from "lodash"
 import { licensing } from "."
+import { sdk } from "@budibase/shared-core"

 export function createUsersStore() {
  const { subscribe, set } = writable({})
@ -111,8 +112,12 @@ export function createUsersStore() {
    return await API.saveUser(user)
  }

-  const getUserRole = ({ admin, builder }) =>
-    admin?.global ? "admin" : builder?.global ? "developer" : "appUser"
+  const getUserRole = user =>
+    sdk.users.isAdmin(user)
+      ? "admin"
+      : sdk.users.isBuilder(user)
+      ? "developer"
+      : "appUser"

  const refreshUsage =
    fn =>
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@ -14,6 +14,7 @@
    "tsc": "tsc -p tsconfig.build.json",
    "pkg": "pkg . --out-path build --no-bytecode --public --public-packages \"*\" -C GZip",
    "build": "yarn prebuild && yarn rename && yarn tsc && yarn pkg && yarn postbuild",
+    "check:types": "tsc -p tsconfig.json --noEmit --paths null",
    "postbuild": "rm -rf prebuilds 2> /dev/null"
  },
  "pkg": {
@ -45,7 +46,7 @@
    "lookpath": "1.1.0",
    "node-fetch": "2.6.7",
    "pkg": "5.8.0",
-    "posthog-node": "1.0.7",
+    "posthog-node": "1.3.0",
    "pouchdb": "7.3.0",
    "pouchdb-replication-stream": "1.2.9",
    "randomstring": "1.1.5",
@ -70,7 +71,8 @@
        "dependsOn": [
          {
            "projects": [
-              "@budibase/backend-core"
+              "@budibase/backend-core",
+              "@budibase/string-templates"
            ],
            "target": "build"
          }
--- a/packages/cli/tsconfig.json
+++ b/packages/cli/tsconfig.json
@ -16,7 +16,6 @@
    "require": ["tsconfig-paths/register"],
    "swc": true
  },
-  "references": [{ "path": "../types" }, { "path": "../backend-core" }],
  "include": ["src/**/*", "package.json"],
  "exclude": ["node_modules", "dist"]
 }
--- a/packages/client/package.json
+++ b/packages/client/package.json
@ -70,14 +70,26 @@
        "dependsOn": [
          {
            "projects": [
+              "@budibase/shared-core",
              "@budibase/string-templates",
-              "@budibase/shared-core"
+              "@budibase/types"
+            ],
+            "target": "build"
+          }
+        ]
+      },
+      "dev:builder": {
+        "dependsOn": [
+          {
+            "projects": [
+              "@budibase/shared-core",
+              "@budibase/string-templates",
+              "@budibase/types"
            ],
            "target": "build"
          }
        ]
      }
    }
-  },
-  "gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc"
+  }
 }
--- a/packages/client/rollup.config.js
+++ b/packages/client/rollup.config.js
@ -25,11 +25,11 @@ const devPaths = production
  : [
      {
        find: "@budibase/shared-core",
-        replacement: path.resolve("../shared-core/dist/mjs/src/index"),
+        replacement: path.resolve("../shared-core/dist/index"),
      },
      {
        find: "@budibase/types",
-        replacement: path.resolve("../types/dist/mjs/index"),
+        replacement: path.resolve("../types/dist/index"),
      },
    ]

--- a/packages/client/src/components/BlockComponent.svelte
+++ b/packages/client/src/components/BlockComponent.svelte
@ -26,9 +26,9 @@
  $: parentId = $component?.id
  $: inBuilder = $builderStore.inBuilder
  $: instance = {
-    _component: `@budibase/standard-components/${type}`,
+    _component: getComponent(type),
    _id: id,
-    _instanceName: name || type[0].toUpperCase() + type.slice(1),
+    _instanceName: getInstanceName(name, type),
    _styles: {
      ...styles,
      normal: styles?.normal || {},
@ -45,6 +45,30 @@
    }
  }

+  const getComponent = type => {
+    if (!type) {
+      return null
+    }
+    if (type.startsWith("plugin/")) {
+      return type
+    } else {
+      return `@budibase/standard-components/${type}`
+    }
+  }
+
+  const getInstanceName = (name, type) => {
+    if (name) {
+      return name
+    }
+    if (!type) {
+      return "New component"
+    }
+    if (type.startsWith("plugin/")) {
+      type = type.split("plugin/")[1]
+    }
+    return type[0].toUpperCase() + type.slice(1)
+  }
+
  onDestroy(() => {
    if (inBuilder) {
      block.unregisterComponent(id, parentId)
--- a/packages/client/src/sdk.js
+++ b/packages/client/src/sdk.js
@ -18,6 +18,8 @@ import { styleable } from "utils/styleable"
 import { linkable } from "utils/linkable"
 import { getAction } from "utils/getAction"
 import Provider from "components/context/Provider.svelte"
+import Block from "components/Block.svelte"
+import BlockComponent from "components/BlockComponent.svelte"
 import { ActionTypes } from "./constants"
 import { fetchDatasourceSchema } from "./utils/schema.js"
 import { getAPIKey } from "./utils/api.js"
@ -44,4 +46,6 @@ export default {
  Provider,
  ActionTypes,
  getAPIKey,
+  Block,
+  BlockComponent,
 }
--- a/packages/frontend-core/src/components/grid/cells/HeaderCell.svelte
+++ b/packages/frontend-core/src/components/grid/cells/HeaderCell.svelte
@ -27,7 +27,6 @@
    "array",
    "attachment",
    "boolean",
-    "formula",
    "json",
  ]

--- a/packages/pro
+++ b/packages/pro
@ -1 +1 @@
-Subproject commit 63fa1b15f6e2afa8a264d597157fd798c9ce031c
+Subproject commit cf3bef2aad9c739111b306fd0712397adc363f81
--- a/packages/server/nodemon.json
+++ b/packages/server/nodemon.json
@ -1,10 +1,13 @@
 {
-  "watch": ["src", "../backend-core", "../pro"],
-  "ext": "js,ts,json",
-  "ignore": [
-    "src/**/*.spec.ts",
-    "src/**/*.spec.js",
-    "../backend-core/dist/**/*"
+  "watch": [
+    "src",
+    "../backend-core",
+    "../pro",
+    "../types",
+    "../shared-core",
+    "../string-templates"
  ],
+  "ext": "js,ts,json",
+  "ignore": ["src/**/*.spec.ts", "src/**/*.spec.js", "../*/dist/**/*"],
  "exec": "yarn build && node ./dist/index.js"
 }
--- a/packages/server/package.json
+++ b/packages/server/package.json
@ -11,7 +11,7 @@
  "scripts": {
    "prebuild": "rimraf dist/",
    "build": "node ./scripts/build.js",
-    "check:types": "tsc -p tsconfig.build.json --noEmit",
+    "check:types": "tsc -p tsconfig.json --noEmit --paths null",
    "postbuild": "copyfiles -f ../client/dist/budibase-client.js ../client/manifest.json client",
    "build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput",
    "debug": "yarn build && node --expose-gc --inspect=9222 dist/index.js",
@ -179,31 +179,5 @@
  },
  "optionalDependencies": {
    "oracledb": "5.3.0"
-  },
-  "nx": {
-    "targets": {
-      "dev:builder": {
-        "dependsOn": [
-          {
-            "projects": [
-              "@budibase/backend-core"
-            ],
-            "target": "build"
-          }
-        ]
-      },
-      "test": {
-        "dependsOn": [
-          {
-            "projects": [
-              "@budibase/string-templates",
-              "@budibase/shared-core"
-            ],
-            "target": "build"
-          }
-        ]
-      }
-    }
-  },
-  "gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc"
+  }
 }
--- a/packages/server/scripts/integrations/postgres/init.sql
+++ b/packages/server/scripts/integrations/postgres/init.sql
@ -1,6 +1,6 @@
 SELECT 'CREATE DATABASE main'
 WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'main')\gexec
-CREATE SCHEMA test;
+CREATE SCHEMA "test-1";
 CREATE TYPE person_job AS ENUM ('qa', 'programmer', 'designer');
 CREATE TABLE Persons (
    PersonID SERIAL PRIMARY KEY,
@ -39,7 +39,7 @@ CREATE TABLE Products_Tasks (
            REFERENCES Tasks(TaskID),
    PRIMARY KEY (ProductID, TaskID)
 );
-CREATE TABLE test.table1 (
+CREATE TABLE "test-1".table1 (
  id SERIAL PRIMARY KEY,
  Name varchar(255)
 );
@ -60,7 +60,7 @@ INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (1, 1);
 INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (2, 1);
 INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (3, 1);
 INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (1, 2);
-INSERT INTO test.table1 (Name) VALUES ('Test');
+INSERT INTO "test-1".table1 (Name) VALUES ('Test');
 INSERT INTO CompositeTable (KeyPartOne, KeyPartTwo, Name) VALUES ('aaa', 'bbb', 'Michael');
 INSERT INTO CompositeTable (KeyPartOne, KeyPartTwo, Name) VALUES ('bbb', 'ccc', 'Andrew');
 INSERT INTO CompositeTable (KeyPartOne, KeyPartTwo, Name) VALUES ('ddd', '', 'OneKey');
--- a/packages/server/scripts/test.sh
+++ b/packages/server/scripts/test.sh
@ -6,8 +6,8 @@ then
  # --runInBand performs better in ci where resources are limited
  export NODE_OPTIONS="--max-old-space-size=4096"
  node ../../node_modules/jest/bin/jest.js --version
-  echo "jest --coverage --maxWorkers=2 --forceExit"
-  jest --coverage --maxWorkers=2 --forceExit --workerIdleMemoryLimit=2000MB
+  echo "jest --coverage --maxWorkers=2 --forceExit --workerIdleMemoryLimit=2000MB --bail"
+  jest --coverage --maxWorkers=2 --forceExit --workerIdleMemoryLimit=2000MB --bail
 else
  # --maxWorkers performs better in development
  echo "jest --coverage --maxWorkers=2 --forceExit"
--- a/packages/server/src/api/controllers/application.ts
+++ b/packages/server/src/api/controllers/application.ts
@ -30,6 +30,7 @@ import {
  objectStore,
  roles,
  tenancy,
+  users,
 } from "@budibase/backend-core"
 import { USERS_TABLE_SCHEMA } from "../../constants"
 import {
@ -49,8 +50,8 @@ import {
  MigrationType,
  PlanType,
  Screen,
-  SocketSession,
  UserCtx,
+  ContextUser,
 } from "@budibase/types"
 import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts"
 import sdk from "../../sdk"
@ -177,32 +178,10 @@ export const addSampleData = async (ctx: UserCtx) => {
 }

 export async function fetch(ctx: UserCtx) {
-  const dev = ctx.query && ctx.query.status === AppStatus.DEV
-  const all = ctx.query && ctx.query.status === AppStatus.ALL
-  const apps = (await dbCore.getAllApps({ dev, all })) as App[]
-
-  const appIds = apps
-    .filter((app: any) => app.status === "development")
-    .map((app: any) => app.appId)
-
-  // get the locks for all the dev apps
-  if (dev || all) {
-    const locks = await getLocksById(appIds)
-    for (let app of apps) {
-      const lock = locks[app.appId]
-      if (lock) {
-        app.lockedBy = lock
-      } else {
-        // make sure its definitely not present
-        delete app.lockedBy
-      }
-    }
-  }
-
-  // Enrich apps with all builder user sessions
-  const enrichedApps = await sdk.users.sessions.enrichApps(apps)
-
-  ctx.body = await checkAppMetadata(enrichedApps)
+  ctx.body = await sdk.applications.fetch(
+    ctx.query.status as AppStatus,
+    ctx.user
+  )
 }

 export async function fetchAppDefinition(ctx: UserCtx) {
@ -222,6 +201,7 @@ export async function fetchAppDefinition(ctx: UserCtx) {

 export async function fetchAppPackage(ctx: UserCtx) {
  const db = context.getAppDB()
+  const appId = context.getAppId()
  let application = await db.get<any>(DocumentType.APP_METADATA)
  const layouts = await getLayouts()
  let screens = await getScreens()
@ -233,7 +213,7 @@ export async function fetchAppPackage(ctx: UserCtx) {
  )

  // Only filter screens if the user is not a builder
-  if (!(ctx.user.builder && ctx.user.builder.global)) {
+  if (!users.isBuilder(ctx.user, appId)) {
    const userRoleId = getUserRoleId(ctx)
    const accessController = new roles.AccessController()
    screens = await accessController.checkScreensAccess(screens, userRoleId)
@ -337,6 +317,11 @@ async function performAppCreate(ctx: UserCtx) {
        }
      })

+      // Keep existing validation setting
+      if (!existing.features?.componentValidation) {
+        newApplication.features!.componentValidation = false
+      }
+
      // Migrate navigation settings and screens if required
      if (existing) {
        const navigation = await migrateAppNavigation()
--- a/packages/server/src/api/controllers/row/index.ts
+++ b/packages/server/src/api/controllers/row/index.ts
@ -11,10 +11,6 @@ import {
  Row,
  PatchRowRequest,
  PatchRowResponse,
-  SearchResponse,
-  SortOrder,
-  SortType,
-  ViewV2,
 } from "@budibase/types"
 import * as utils from "./utils"
 import { gridSocket } from "../../../websockets"
@ -23,6 +19,7 @@ import { fixRow } from "../public/rows"
 import sdk from "../../../sdk"
 import * as exporters from "../view/exporters"
 import { apiFileReturn } from "../../../utilities/fileSystem"
+export * as views from "./views"

 function pickApi(tableId: any) {
  if (isExternalTable(tableId)) {
@ -37,6 +34,7 @@ export async function patch(
  const appId = ctx.appId
  const tableId = utils.getTableId(ctx)
  const body = ctx.request.body
+
  // if it doesn't have an _id then its save
  if (body && !body._id) {
    return save(ctx)
@ -62,13 +60,14 @@ export async function patch(
  }
 }

-export const save = async (ctx: any) => {
+export const save = async (ctx: UserCtx<Row, Row>) => {
  const appId = ctx.appId
  const tableId = utils.getTableId(ctx)
  const body = ctx.request.body
+
  // if it has an ID already then its a patch
  if (body && body._id) {
-    return patch(ctx)
+    return patch(ctx as UserCtx<PatchRowRequest, PatchRowResponse>)
  }
  const { row, table, squashed } = await quotas.addRow(() =>
    quotas.addQuery(() => pickApi(tableId).save(ctx), {
@ -147,7 +146,7 @@ async function deleteRows(ctx: UserCtx<DeleteRowRequest>) {
  const rowDeletes: Row[] = await processDeleteRowsRequest(ctx)
  deleteRequest.rows = rowDeletes

-  let { rows } = await quotas.addQuery<any>(
+  const { rows } = await quotas.addQuery(
    () => pickApi(tableId).bulkDestroy(ctx),
    {
      datasourceId: tableId,
@ -167,13 +166,13 @@ async function deleteRow(ctx: UserCtx<DeleteRowRequest>) {
  const appId = ctx.appId
  const tableId = utils.getTableId(ctx)

-  let resp = await quotas.addQuery<any>(() => pickApi(tableId).destroy(ctx), {
+  const resp = await quotas.addQuery(() => pickApi(tableId).destroy(ctx), {
    datasourceId: tableId,
  })
  await quotas.removeRow()

  ctx.eventEmitter && ctx.eventEmitter.emitRow(`row:delete`, appId, resp.row)
-  gridSocket?.emitRowDeletion(ctx, resp.row._id)
+  gridSocket?.emitRowDeletion(ctx, resp.row._id!)

  return resp
 }
@ -212,83 +211,6 @@ export async function search(ctx: any) {
  })
 }

-function getSortOptions(
-  ctx: Ctx,
-  view: ViewV2
-):
-  | {
-      sort: string
-      sortOrder?: SortOrder
-      sortType?: SortType
-    }
-  | undefined {
-  const { sort_column, sort_order, sort_type } = ctx.query
-  if (Array.isArray(sort_column)) {
-    ctx.throw(400, "sort_column cannot be an array")
-  }
-  if (Array.isArray(sort_order)) {
-    ctx.throw(400, "sort_order cannot be an array")
-  }
-  if (Array.isArray(sort_type)) {
-    ctx.throw(400, "sort_type cannot be an array")
-  }
-
-  if (sort_column) {
-    return {
-      sort: sort_column,
-      sortOrder: sort_order as SortOrder,
-      sortType: sort_type as SortType,
-    }
-  }
-  if (view.sort) {
-    return {
-      sort: view.sort.field,
-      sortOrder: view.sort.order,
-      sortType: view.sort.type,
-    }
-  }
-
-  return
-}
-
-export async function searchView(ctx: Ctx<void, SearchResponse>) {
-  const { viewId } = ctx.params
-
-  const view = await sdk.views.get(viewId)
-  if (!view) {
-    ctx.throw(404, `View ${viewId} not found`)
-  }
-
-  if (view.version !== 2) {
-    ctx.throw(400, `This method only supports viewsV2`)
-  }
-
-  const table = await sdk.tables.getTable(view?.tableId)
-
-  const viewFields =
-    (view.columns &&
-      Object.entries(view.columns).length &&
-      Object.keys(sdk.views.enrichSchema(view, table.schema).schema)) ||
-    undefined
-
-  ctx.status = 200
-  const result = await quotas.addQuery(
-    () =>
-      sdk.rows.search({
-        tableId: view.tableId,
-        query: view.query || {},
-        fields: viewFields,
-        ...getSortOptions(ctx, view),
-      }),
-    {
-      datasourceId: view.tableId,
-    }
-  )
-
-  result.rows.forEach(r => (r._viewId = view.id))
-  ctx.body = result
-}
-
 export async function validate(ctx: Ctx) {
  const tableId = utils.getTableId(ctx)
  // external tables are hard to validate currently
--- a/packages/server/src/api/controllers/row/internal.ts
+++ b/packages/server/src/api/controllers/row/internal.ts
@ -93,7 +93,6 @@ export async function patch(ctx: UserCtx<PatchRowRequest, PatchRowResponse>) {
 }

 export async function save(ctx: UserCtx) {
-  const db = context.getAppDB()
  let inputs = ctx.request.body
  inputs.tableId = ctx.params.tableId

@ -177,7 +176,6 @@ export async function destroy(ctx: UserCtx) {
 }

 export async function bulkDestroy(ctx: UserCtx) {
-  const db = context.getAppDB()
  const tableId = ctx.params.tableId
  const table = await sdk.tables.getTable(tableId)
  let { rows } = ctx.request.body
@ -206,6 +204,7 @@ export async function bulkDestroy(ctx: UserCtx) {
      })
    )
  } else {
+    const db = context.getAppDB()
    await db.bulkDocs(processedRows.map(row => ({ ...row, _deleted: true })))
  }
  // remove any attachments that were on the rows from object storage
--- a/packages/server/src/api/controllers/row/views.ts
+++ b/packages/server/src/api/controllers/row/views.ts
@ -0,0 +1,86 @@
+import { quotas } from "@budibase/pro"
+import {
+  UserCtx,
+  SearchResponse,
+  SortOrder,
+  SortType,
+  ViewV2,
+} from "@budibase/types"
+import sdk from "../../../sdk"
+
+export async function searchView(ctx: UserCtx<void, SearchResponse>) {
+  const { viewId } = ctx.params
+
+  const view = await sdk.views.get(viewId)
+  if (!view) {
+    ctx.throw(404, `View ${viewId} not found`)
+  }
+
+  if (view.version !== 2) {
+    ctx.throw(400, `This method only supports viewsV2`)
+  }
+
+  const table = await sdk.tables.getTable(view?.tableId)
+
+  const viewFields =
+    (view.columns &&
+      Object.entries(view.columns).length &&
+      Object.keys(sdk.views.enrichSchema(view, table.schema).schema)) ||
+    undefined
+
+  ctx.status = 200
+  const result = await quotas.addQuery(
+    () =>
+      sdk.rows.search({
+        tableId: view.tableId,
+        query: view.query || {},
+        fields: viewFields,
+        ...getSortOptions(ctx, view),
+      }),
+    {
+      datasourceId: view.tableId,
+    }
+  )
+
+  result.rows.forEach(r => (r._viewId = view.id))
+  ctx.body = result
+}
+
+function getSortOptions(
+  ctx: UserCtx,
+  view: ViewV2
+):
+  | {
+      sort: string
+      sortOrder?: SortOrder
+      sortType?: SortType
+    }
+  | undefined {
+  const { sort_column, sort_order, sort_type } = ctx.query
+  if (Array.isArray(sort_column)) {
+    ctx.throw(400, "sort_column cannot be an array")
+  }
+  if (Array.isArray(sort_order)) {
+    ctx.throw(400, "sort_order cannot be an array")
+  }
+  if (Array.isArray(sort_type)) {
+    ctx.throw(400, "sort_type cannot be an array")
+  }
+
+  if (sort_column) {
+    return {
+      sort: sort_column,
+      sortOrder: sort_order as SortOrder,
+      sortType: sort_type as SortType,
+    }
+  }
+  if (view.sort) {
+    return {
+      sort: view.sort.field,
+      sortOrder: view.sort.order,
+      sortType: view.sort.type,
+    }
+  }
+
+  return
+}
--- a/packages/server/src/api/controllers/view/viewsV2.ts
+++ b/packages/server/src/api/controllers/view/viewsV2.ts
@ -2,15 +2,86 @@ import sdk from "../../../sdk"
 import {
  CreateViewRequest,
  Ctx,
+  UIFieldMetadata,
  UpdateViewRequest,
  ViewResponse,
+  ViewV2,
+  RequiredKeys,
 } from "@budibase/types"

+async function parseSchemaUI(ctx: Ctx, view: CreateViewRequest) {
+  if (!view.schema) {
+    return
+  }
+
+  function hasOverrides(
+    newObj: Record<string, any>,
+    existingObj: Record<string, any>
+  ) {
+    const result = Object.entries(newObj).some(([key, value]) => {
+      const isObject = typeof value === "object"
+      const existing = existingObj[key]
+      if (isObject && hasOverrides(value, existing || {})) {
+        return true
+      }
+      if (!isObject && value !== existing) {
+        return true
+      }
+    })
+
+    return result
+  }
+
+  const table = await sdk.tables.getTable(view.tableId)
+  for (const [
+    fieldName,
+    { order, width, visible, icon, ...schemaNonUI },
+  ] of Object.entries(view.schema)) {
+    const overrides = hasOverrides(schemaNonUI, table.schema[fieldName])
+    if (overrides) {
+      ctx.throw(
+        400,
+        "This endpoint does not support overriding non UI fields in the schema"
+      )
+    }
+  }
+
+  const schemaUI =
+    view.schema &&
+    Object.entries(view.schema).reduce((p, [fieldName, schemaValue]) => {
+      const fieldSchema: RequiredKeys<UIFieldMetadata> = {
+        order: schemaValue.order,
+        width: schemaValue.width,
+        visible: schemaValue.visible,
+        icon: schemaValue.icon,
+      }
+      Object.entries(fieldSchema)
+        .filter(([_, val]) => val === undefined)
+        .forEach(([key]) => {
+          delete fieldSchema[key as keyof UIFieldMetadata]
+        })
+      p[fieldName] = fieldSchema
+      return p
+    }, {} as Record<string, RequiredKeys<UIFieldMetadata>>)
+  return schemaUI
+}
+
 export async function create(ctx: Ctx<CreateViewRequest, ViewResponse>) {
  const view = ctx.request.body
  const { tableId } = view

-  const result = await sdk.views.create(tableId, view)
+  const schemaUI = await parseSchemaUI(ctx, view)
+
+  const parsedView: Omit<RequiredKeys<ViewV2>, "id" | "version"> = {
+    name: view.name,
+    tableId: view.tableId,
+    query: view.query,
+    sort: view.sort,
+    columns: view.schema && Object.keys(view.schema),
+    schemaUI,
+    primaryDisplay: view.primaryDisplay,
+  }
+  const result = await sdk.views.create(tableId, parsedView)
  ctx.status = 201
  ctx.body = {
    data: result,
@ -30,7 +101,20 @@ export async function update(ctx: Ctx<UpdateViewRequest, ViewResponse>) {

  const { tableId } = view

-  const result = await sdk.views.update(tableId, view)
+  const schemaUI = await parseSchemaUI(ctx, view)
+  const parsedView: RequiredKeys<ViewV2> = {
+    id: view.id,
+    name: view.name,
+    version: view.version,
+    tableId: view.tableId,
+    query: view.query,
+    sort: view.sort,
+    columns: view.schema && Object.keys(view.schema),
+    schemaUI,
+    primaryDisplay: view.primaryDisplay,
+  }
+
+  const result = await sdk.views.update(tableId, parsedView)
  ctx.body = {
    data: result,
  }
--- a/packages/server/src/api/routes/application.ts
+++ b/packages/server/src/api/routes/application.ts
@ -15,7 +15,7 @@ router
  )
  .post(
    "/api/applications",
-    authorized(permissions.BUILDER),
+    authorized(permissions.GLOBAL_BUILDER),
    applicationValidator(),
    controller.create
  )
@ -55,7 +55,7 @@ router
  )
  .delete(
    "/api/applications/:appId",
-    authorized(permissions.BUILDER),
+    authorized(permissions.GLOBAL_BUILDER),
    controller.destroy
  )

--- a/packages/server/src/api/routes/plugin.ts
+++ b/packages/server/src/api/routes/plugin.ts
@ -8,14 +8,18 @@ const router: Router = new Router()
 router
  .post(
    "/api/plugin/upload",
-    authorized(permissions.BUILDER),
+    authorized(permissions.GLOBAL_BUILDER),
    controller.upload
  )
-  .post("/api/plugin", authorized(permissions.BUILDER), controller.create)
-  .get("/api/plugin", authorized(permissions.BUILDER), controller.fetch)
+  .post(
+    "/api/plugin",
+    authorized(permissions.GLOBAL_BUILDER),
+    controller.create
+  )
+  .get("/api/plugin", authorized(permissions.GLOBAL_BUILDER), controller.fetch)
  .delete(
    "/api/plugin/:pluginId",
-    authorized(permissions.BUILDER),
+    authorized(permissions.GLOBAL_BUILDER),
    controller.destroy
  )

--- a/packages/server/src/api/routes/public/index.ts
+++ b/packages/server/src/api/routes/public/index.ts
@ -7,14 +7,14 @@ import userEndpoints from "./users"
 import authorized from "../../../middleware/authorized"
 import publicApi from "../../../middleware/publicApi"
 import { paramResource, paramSubResource } from "../../../middleware/resourceId"
+import { PermissionType, PermissionLevel } from "@budibase/types"
 import { CtxFn } from "./utils/Endpoint"
 import mapperMiddleware from "./middleware/mapper"
 import env from "../../../environment"
 // below imports don't have declaration files
 const Router = require("@koa/router")
 const { RateLimit, Stores } = require("koa2-ratelimit")
-import { middleware, redis, permissions } from "@budibase/backend-core"
-const { PermissionType, PermissionLevel } = permissions
+import { middleware, redis } from "@budibase/backend-core"

 const PREFIX = "/api/public/v1"
 // allow a lot more requests when in test
@ -111,7 +111,7 @@ function applyAdminRoutes(endpoints: any) {

 function applyRoutes(
  endpoints: any,
-  permType: string,
+  permType: PermissionType,
  resource: string,
  subResource?: string
 ) {
--- a/packages/server/src/api/routes/row.ts
+++ b/packages/server/src/api/routes/row.ts
@ -4,6 +4,9 @@ import authorized from "../../middleware/authorized"
 import { paramResource, paramSubResource } from "../../middleware/resourceId"
 import { permissions } from "@budibase/backend-core"
 import { internalSearchValidator } from "./utils/validators"
+import noViewData from "../../middleware/noViewData"
+import trimViewRowInfo from "../../middleware/trimViewRowInfo"
+import * as utils from "../../db/utils"
 const { PermissionType, PermissionLevel } = permissions

 const router: Router = new Router()
@ -146,11 +149,6 @@ router
    authorized(PermissionType.TABLE, PermissionLevel.READ),
    rowController.search
  )
-  .get(
-    "/api/v2/views/:viewId/search",
-    authorized(PermissionType.VIEW, PermissionLevel.READ),
-    rowController.searchView
-  )
  /**
   * @api {post} /api/:tableId/rows Creates a new row
   * @apiName Creates a new row
@ -179,6 +177,7 @@ router
    "/api/:tableId/rows",
    paramResource("tableId"),
    authorized(PermissionType.TABLE, PermissionLevel.WRITE),
+    noViewData,
    rowController.save
  )
  /**
@ -193,6 +192,7 @@ router
    "/api/:tableId/rows",
    paramResource("tableId"),
    authorized(PermissionType.TABLE, PermissionLevel.WRITE),
+    noViewData,
    rowController.patch
  )
  /**
@ -268,4 +268,91 @@ router
    rowController.exportRows
  )

+router
+  .get(
+    "/api/v2/views/:viewId/search",
+    authorized(PermissionType.VIEW, PermissionLevel.READ),
+    rowController.views.searchView
+  )
+  /**
+   * @api {post} /api/:tableId/rows Creates a new row
+   * @apiName Creates a new row
+   * @apiGroup rows
+   * @apiPermission table write access
+   * @apiDescription This API will create a new row based on the supplied body. If the
+   * body includes an "_id" field then it will update an existing row if the field
+   * links to one. Please note that "_id", "_rev" and "tableId" are fields that are
+   * already used by Budibase tables and cannot be used for columns.
+   *
+   * @apiParam {string} tableId The ID of the table to save a row to.
+   *
+   * @apiParam (Body) {string} [_id] If the row exists already then an ID for the row must be provided.
+   * @apiParam (Body) {string} [_rev] If working with an existing row for an internal table its revision
+   * must also be provided.
+   * @apiParam (Body) {string} _viewId The ID of the view should be specified in the row body itself.
+   * @apiParam (Body) {string} tableId The ID of the table should also be specified in the row body itself.
+   * @apiParam (Body) {any} [any] Any field supplied in the body will be assessed to see if it matches
+   * a column in the specified table. All other fields will be dropped and not stored.
+   *
+   * @apiSuccess {string} _id The ID of the row that was just saved, if it was just created this
+   * is the rows new ID.
+   * @apiSuccess {string} [_rev] If saving to an internal table a revision will also be returned.
+   * @apiSuccess {object} body The contents of the row that was saved will be returned as well.
+   */
+  .post(
+    "/api/v2/views/:viewId/rows",
+    paramResource("viewId"),
+    authorized(PermissionType.VIEW, PermissionLevel.WRITE),
+    trimViewRowInfo,
+    rowController.save
+  )
+  /**
+   * @api {patch} /api/v2/views/:viewId/rows/:rowId Updates a row
+   * @apiName Update a row
+   * @apiGroup rows
+   * @apiPermission table write access
+   * @apiDescription This endpoint is identical to the row creation endpoint but instead it will
+   * error if an _id isn't provided, it will only function for existing rows.
+   */
+  .patch(
+    "/api/v2/views/:viewId/rows/:rowId",
+    paramResource("viewId"),
+    authorized(PermissionType.VIEW, PermissionLevel.WRITE),
+    trimViewRowInfo,
+    rowController.patch
+  )
+  /**
+   * @api {delete} /api/v2/views/:viewId/rows Delete rows for a view
+   * @apiName Delete rows for a view
+   * @apiGroup rows
+   * @apiPermission table write access
+   * @apiDescription This endpoint can delete a single row, or delete them in a bulk
+   * fashion.
+   *
+   * @apiParam {string} tableId The ID of the table the row is to be deleted from.
+   *
+   * @apiParam (Body) {object[]} [rows] If bulk deletion is desired then provide the rows in this
+   * key of the request body that are to be deleted.
+   * @apiParam (Body) {string} [_id] If deleting a single row then provide its ID in this field.
+   * @apiParam (Body) {string} [_rev] If deleting a single row from an internal table then provide its
+   * revision here.
+   *
+   * @apiSuccess {object[]|object} body If deleting bulk then the response body will be an array
+   * of the deleted rows, if deleting a single row then the body will contain a "row" property which
+   * is the deleted row.
+   */
+  .delete(
+    "/api/v2/views/:viewId/rows",
+    paramResource("viewId"),
+    authorized(PermissionType.VIEW, PermissionLevel.WRITE),
+    // This is required as the implementation relies on the table id
+    (ctx, next) => {
+      ctx.params.tableId = utils.extractViewInfoFromID(
+        ctx.params.viewId
+      ).tableId
+      return next()
+    },
+    rowController.destroy
+  )
+
 export default router
--- a/packages/server/src/api/routes/tests/row.spec.ts
+++ b/packages/server/src/api/routes/tests/row.spec.ts
@ -16,13 +16,16 @@ import {
  FieldType,
  SortType,
  SortOrder,
-  PatchRowRequest,
+  DeleteRow,
 } from "@budibase/types"
 import {
  expectAnyInternalColsAttributes,
  generator,
  structures,
 } from "@budibase/backend-core/tests"
+import trimViewRowInfoMiddleware from "../../../middleware/trimViewRowInfo"
+import noViewDataMiddleware from "../../../middleware/noViewData"
+import router from "../row"

 describe("/rows", () => {
  let request = setup.getRequest()
@ -391,6 +394,26 @@ describe("/rows", () => {
      expect(saved.arrayFieldArrayStrKnown).toEqual(["One"])
      expect(saved.optsFieldStrKnown).toEqual("Alpha")
    })
+
+    it("should throw an error when creating a table row with view id data", async () => {
+      const res = await request
+        .post(`/api/${row.tableId}/rows`)
+        .send({ ...row, _viewId: generator.guid() })
+        .set(config.defaultHeaders())
+        .expect("Content-Type", /json/)
+        .expect(400)
+      expect(res.body.message).toEqual(
+        "Table row endpoints cannot contain view info"
+      )
+    })
+
+    it("should setup the noViewData middleware", async () => {
+      const route = router.stack.find(
+        r => r.methods.includes("POST") && r.path === "/api/:tableId/rows"
+      )
+      expect(route).toBeDefined()
+      expect(route?.stack).toContainEqual(noViewDataMiddleware)
+    })
  })

  describe("patch", () => {
@ -440,6 +463,33 @@ describe("/rows", () => {
      await assertRowUsage(rowUsage)
      await assertQueryUsage(queryUsage)
    })
+
+    it("should throw an error when creating a table row with view id data", async () => {
+      const existing = await config.createRow()
+
+      const res = await config.api.row.patch(
+        table._id!,
+        {
+          ...existing,
+          _id: existing._id!,
+          _rev: existing._rev!,
+          tableId: table._id!,
+          _viewId: generator.guid(),
+        },
+        { expectStatus: 400 }
+      )
+      expect(res.body.message).toEqual(
+        "Table row endpoints cannot contain view info"
+      )
+    })
+
+    it("should setup the noViewData middleware", async () => {
+      const route = router.stack.find(
+        r => r.methods.includes("PATCH") && r.path === "/api/:tableId/rows"
+      )
+      expect(route).toBeDefined()
+      expect(route?.stack).toContainEqual(noViewDataMiddleware)
+    })
  })

  describe("destroy", () => {
@ -983,7 +1033,7 @@ describe("/rows", () => {
      }

      const view = await config.api.viewV2.create({
-        columns: { name: { visible: true } },
+        schema: { name: {} },
      })
      const response = await config.api.viewV2.search(view.id)

@ -1008,4 +1058,208 @@ describe("/rows", () => {
      expect(response.body.rows).toHaveLength(0)
    })
  })
+
+  describe("view 2.0", () => {
+    function userTable(): Table {
+      return {
+        name: "user",
+        type: "user",
+        schema: {
+          name: {
+            type: FieldType.STRING,
+            name: "name",
+          },
+          surname: {
+            type: FieldType.STRING,
+            name: "name",
+          },
+          age: {
+            type: FieldType.NUMBER,
+            name: "age",
+          },
+          address: {
+            type: FieldType.STRING,
+            name: "address",
+          },
+          jobTitle: {
+            type: FieldType.STRING,
+            name: "jobTitle",
+          },
+        },
+      }
+    }
+
+    const randomRowData = () => ({
+      name: generator.first(),
+      surname: generator.last(),
+      age: generator.age(),
+      address: generator.address(),
+      jobTitle: generator.word(),
+    })
+
+    describe("create", () => {
+      it("should persist a new row with only the provided view fields", async () => {
+        const table = await config.createTable(userTable())
+        const view = await config.api.viewV2.create({
+          tableId: table._id!,
+          schema: {
+            name: { visible: true },
+            surname: { visible: true },
+            address: { visible: true },
+          },
+        })
+
+        const data = randomRowData()
+        const newRow = await config.api.viewV2.row.create(view.id, {
+          tableId: config.table!._id,
+          _viewId: view.id,
+          ...data,
+        })
+
+        const row = await config.api.row.get(table._id!, newRow._id!)
+        expect(row.body).toEqual({
+          name: data.name,
+          surname: data.surname,
+          address: data.address,
+          tableId: config.table!._id,
+          type: "row",
+          _id: expect.any(String),
+          _rev: expect.any(String),
+          createdAt: expect.any(String),
+          updatedAt: expect.any(String),
+        })
+        expect(row.body._viewId).toBeUndefined()
+        expect(row.body.age).toBeUndefined()
+        expect(row.body.jobTitle).toBeUndefined()
+      })
+
+      it("should setup the trimViewRowInfo middleware", async () => {
+        const route = router.stack.find(
+          r =>
+            r.methods.includes("POST") &&
+            r.path === "/api/v2/views/:viewId/rows"
+        )
+        expect(route).toBeDefined()
+        expect(route?.stack).toContainEqual(trimViewRowInfoMiddleware)
+      })
+    })
+
+    describe("patch", () => {
+      it("should update only the view fields for a row", async () => {
+        const table = await config.createTable(userTable())
+        const tableId = table._id!
+        const view = await config.api.viewV2.create({
+          tableId,
+          schema: {
+            name: { visible: true },
+            address: { visible: true },
+          },
+        })
+
+        const newRow = await config.api.viewV2.row.create(view.id, {
+          tableId,
+          _viewId: view.id,
+          ...randomRowData(),
+        })
+        const newData = randomRowData()
+        await config.api.viewV2.row.update(view.id, newRow._id!, {
+          tableId,
+          _viewId: view.id,
+          _id: newRow._id!,
+          _rev: newRow._rev!,
+          ...newData,
+        })
+
+        const row = await config.api.row.get(tableId, newRow._id!)
+        expect(row.body).toEqual({
+          ...newRow,
+          type: "row",
+          name: newData.name,
+          address: newData.address,
+          _id: expect.any(String),
+          _rev: expect.any(String),
+          createdAt: expect.any(String),
+          updatedAt: expect.any(String),
+        })
+        expect(row.body._viewId).toBeUndefined()
+        expect(row.body.age).toBeUndefined()
+        expect(row.body.jobTitle).toBeUndefined()
+      })
+
+      it("should setup the trimViewRowInfo middleware", async () => {
+        const route = router.stack.find(
+          r =>
+            r.methods.includes("PATCH") &&
+            r.path === "/api/v2/views/:viewId/rows/:rowId"
+        )
+        expect(route).toBeDefined()
+        expect(route?.stack).toContainEqual(trimViewRowInfoMiddleware)
+      })
+    })
+
+    describe("destroy", () => {
+      it("should be able to delete a row", async () => {
+        const table = await config.createTable(userTable())
+        const tableId = table._id!
+        const view = await config.api.viewV2.create({
+          tableId,
+          schema: {
+            name: { visible: true },
+            address: { visible: true },
+          },
+        })
+
+        const createdRow = await config.createRow()
+        const rowUsage = await getRowUsage()
+        const queryUsage = await getQueryUsage()
+
+        const body: DeleteRow = {
+          _id: createdRow._id!,
+        }
+        await config.api.viewV2.row.delete(view.id, body)
+
+        await assertRowUsage(rowUsage - 1)
+        await assertQueryUsage(queryUsage + 1)
+
+        await config.api.row.get(tableId, createdRow._id!, {
+          expectStatus: 404,
+        })
+      })
+
+      it("should be able to delete multiple rows", async () => {
+        const table = await config.createTable(userTable())
+        const tableId = table._id!
+        const view = await config.api.viewV2.create({
+          tableId,
+          schema: {
+            name: { visible: true },
+            address: { visible: true },
+          },
+        })
+
+        const rows = [
+          await config.createRow(),
+          await config.createRow(),
+          await config.createRow(),
+        ]
+        const rowUsage = await getRowUsage()
+        const queryUsage = await getQueryUsage()
+
+        await config.api.viewV2.row.delete(view.id, {
+          rows: [rows[0], rows[2]],
+        })
+
+        await assertRowUsage(rowUsage - 2)
+        await assertQueryUsage(queryUsage + 1)
+
+        await config.api.row.get(tableId, rows[0]._id!, {
+          expectStatus: 404,
+        })
+        await config.api.row.get(tableId, rows[2]._id!, {
+          expectStatus: 404,
+        })
+        await config.api.row.get(tableId, rows[1]._id!, { expectStatus: 200 })
+      })
+    })
+  })
 })
--- a/packages/server/src/api/routes/tests/utilities/TestFunctions.ts
+++ b/packages/server/src/api/routes/tests/utilities/TestFunctions.ts
@ -36,7 +36,10 @@ export const clearAllApps = async (
  exceptions: Array<string> = []
 ) => {
  await tenancy.doInTenant(tenantId, async () => {
-    const req: any = { query: { status: AppStatus.DEV }, user: { tenantId } }
+    const req: any = {
+      query: { status: AppStatus.DEV },
+      user: { tenantId, builder: { global: true } },
+    }
    await appController.fetch(req)
    const apps = req.body
    if (!apps || apps.length <= 0) {
--- a/packages/server/src/api/routes/tests/viewV2.spec.ts
+++ b/packages/server/src/api/routes/tests/viewV2.spec.ts
@ -1,10 +1,12 @@
 import * as setup from "./utilities"
 import {
  CreateViewRequest,
+  FieldSchema,
  FieldType,
  SortOrder,
  SortType,
  Table,
+  UpdateViewRequest,
  ViewV2,
 } from "@budibase/types"
 import { generator } from "@budibase/backend-core/tests"
@ -33,20 +35,6 @@ function priceTable(): Table {
 describe("/v2/views", () => {
  const config = setup.getConfig()

-  const viewFilters: Omit<CreateViewRequest, "name" | "tableId"> = {
-    query: { allOr: false, equal: { field: "value" } },
-    sort: {
-      field: "fieldToSort",
-      order: SortOrder.DESCENDING,
-      type: SortType.STRING,
-    },
-    columns: {
-      name: {
-        visible: true,
-      },
-    },
-  }
-
  afterAll(setup.afterAll)

  beforeAll(async () => {
@ -69,21 +57,125 @@ describe("/v2/views", () => {
      })
    })

-    it("can persist views with queries", async () => {
-      const newView: CreateViewRequest = {
+    it("can persist views with all fields", async () => {
+      const newView: Required<CreateViewRequest> = {
        name: generator.name(),
        tableId: config.table!._id!,
-        ...viewFilters,
+        primaryDisplay: generator.word(),
+        query: { allOr: false, equal: { field: "value" } },
+        sort: {
+          field: "fieldToSort",
+          order: SortOrder.DESCENDING,
+          type: SortType.STRING,
+        },
+        schema: {
+          name: {
+            visible: true,
+          },
+        },
      }
      const res = await config.api.viewV2.create(newView)

      expect(res).toEqual({
        ...newView,
-        ...viewFilters,
+        schema: undefined,
+        columns: ["name"],
+        schemaUI: newView.schema,
        id: expect.any(String),
        version: 2,
      })
    })
+
+    it("persist only UI schema overrides", async () => {
+      const newView: CreateViewRequest = {
+        name: generator.name(),
+        tableId: config.table!._id!,
+        schema: {
+          Price: {
+            name: "Price",
+            type: FieldType.NUMBER,
+            visible: true,
+            order: 1,
+            width: 100,
+          },
+          Category: {
+            name: "Category",
+            type: FieldType.STRING,
+            visible: false,
+            icon: "ic",
+          },
+        } as Record<string, FieldSchema>,
+      }
+
+      const createdView = await config.api.viewV2.create(newView)
+
+      expect(await config.api.viewV2.get(createdView.id)).toEqual({
+        ...newView,
+        schema: undefined,
+        columns: ["Price", "Category"],
+        schemaUI: {
+          Price: {
+            visible: true,
+            order: 1,
+            width: 100,
+          },
+          Category: {
+            visible: false,
+            icon: "ic",
+          },
+        },
+        id: createdView.id,
+        version: 2,
+      })
+    })
+
+    it("throw an exception if the schema overrides a non UI field", async () => {
+      const newView: CreateViewRequest = {
+        name: generator.name(),
+        tableId: config.table!._id!,
+        schema: {
+          Price: {
+            name: "Price",
+            type: FieldType.NUMBER,
+            visible: true,
+          },
+          Category: {
+            name: "Category",
+            type: FieldType.STRING,
+            constraints: {
+              type: "string",
+              presence: true,
+            },
+          },
+        } as Record<string, FieldSchema>,
+      }
+
+      await config.api.viewV2.create(newView, {
+        expectStatus: 400,
+      })
+    })
+
+    it("will not throw an exception if the schema is 'deleting' non UI fields", async () => {
+      const newView: CreateViewRequest = {
+        name: generator.name(),
+        tableId: config.table!._id!,
+        schema: {
+          Price: {
+            name: "Price",
+            type: FieldType.NUMBER,
+            visible: true,
+          },
+          Category: {
+            name: "Category",
+            type: FieldType.STRING,
+          },
+        } as Record<string, FieldSchema>,
+      }
+
+      await config.api.viewV2.create(newView, {
+        expectStatus: 201,
+      })
+    })
  })

  describe("update", () => {
@ -115,6 +207,46 @@ describe("/v2/views", () => {
      })
    })

+    it("can update all fields", async () => {
+      const tableId = config.table!._id!
+
+      const updatedData: Required<UpdateViewRequest> = {
+        version: view.version,
+        id: view.id,
+        tableId,
+        name: view.name,
+        primaryDisplay: generator.word(),
+        query: { equal: { [generator.word()]: generator.word() } },
+        sort: {
+          field: generator.word(),
+          order: SortOrder.DESCENDING,
+          type: SortType.STRING,
+        },
+        schema: {
+          Category: {
+            visible: false,
+          },
+        },
+      }
+      await config.api.viewV2.update(updatedData)
+
+      expect(await config.api.table.get(tableId)).toEqual({
+        ...config.table,
+        views: {
+          [view.name]: {
+            ...updatedData,
+            schema: {
+              Category: expect.objectContaining({
+                visible: false,
+              }),
+            },
+          },
+        },
+        _rev: expect.any(String),
+        updatedAt: expect.any(String),
+      })
+    })
+
    it("can update an existing view name", async () => {
      const tableId = config.table!._id!
      await config.api.viewV2.update({ ...view, name: "View B" })
@ -202,6 +334,94 @@ describe("/v2/views", () => {
        status: 400,
      })
    })
+
+    it("updates only UI schema overrides", async () => {
+      await config.api.viewV2.update({
+        ...view,
+        schema: {
+          Price: {
+            name: "Price",
+            type: FieldType.NUMBER,
+            visible: true,
+            order: 1,
+            width: 100,
+          },
+          Category: {
+            name: "Category",
+            type: FieldType.STRING,
+            visible: false,
+            icon: "ic",
+          },
+        } as Record<string, FieldSchema>,
+      })
+
+      expect(await config.api.viewV2.get(view.id)).toEqual({
+        ...view,
+        schema: undefined,
+        columns: ["Price", "Category"],
+        schemaUI: {
+          Price: {
+            visible: true,
+            order: 1,
+            width: 100,
+          },
+          Category: {
+            visible: false,
+            icon: "ic",
+          },
+        },
+        id: view.id,
+        version: 2,
+      })
+    })
+
+    it("throw an exception if the schema overrides a non UI field", async () => {
+      await config.api.viewV2.update(
+        {
+          ...view,
+          schema: {
+            Price: {
+              name: "Price",
+              type: FieldType.NUMBER,
+              visible: true,
+            },
+            Category: {
+              name: "Category",
+              type: FieldType.STRING,
+              constraints: {
+                type: "string",
+                presence: true,
+              },
+            },
+          } as Record<string, FieldSchema>,
+        },
+        {
+          expectStatus: 400,
+        }
+      )
+    })
+
+    it("will not throw an exception if the schema is 'deleting' non UI fields", async () => {
+      await config.api.viewV2.update(
+        {
+          ...view,
+          schema: {
+            Price: {
+              name: "Price",
+              type: FieldType.NUMBER,
+              visible: true,
+            },
+            Category: {
+              name: "Category",
+              type: FieldType.STRING,
+            },
+          } as Record<string, FieldSchema>,
+        },
+        {
+          expectStatus: 200,
+        }
+      )
+    })
  })

  describe("delete", () => {
--- a/packages/server/src/app.ts
+++ b/packages/server/src/app.ts
@ -15,7 +15,15 @@ import * as api from "./api"
 import * as automations from "./automations"
 import { Thread } from "./threads"
 import * as redis from "./utilities/redis"
-import { events, logging, middleware, timers } from "@budibase/backend-core"
+import { ServiceType } from "@budibase/types"
+import {
+  events,
+  logging,
+  middleware,
+  timers,
+  env as coreEnv,
+} from "@budibase/backend-core"
+coreEnv._set("SERVICE_TYPE", ServiceType.APPS)
 import { startup } from "./startup"
 const Sentry = require("@sentry/node")
 const destroyable = require("server-destroy")
--- a/packages/server/src/automations/tests/openai.spec.ts
+++ b/packages/server/src/automations/tests/openai.spec.ts
@ -22,6 +22,10 @@ jest.mock(
  }))
 )

+const mockedOpenAIApi = openai.OpenAIApi as jest.MockedClass<
+  typeof openai.OpenAIApi
+>
+
 const OPENAI_PROMPT = "What is the meaning of life?"

 describe("test the openai action", () => {
@ -68,11 +72,16 @@ describe("test the openai action", () => {
  })

  it("should present the correct error message when an error is thrown from the createChatCompletion call", async () => {
-    openai.OpenAIApi.mockImplementation(() => ({
-      createChatCompletion: jest.fn(() => {
-        throw new Error("An error occurred while calling createChatCompletion")
-      }),
-    }))
+    mockedOpenAIApi.mockImplementation(
+      () =>
+        ({
+          createChatCompletion: jest.fn(() => {
+            throw new Error(
+              "An error occurred while calling createChatCompletion"
+            )
+          }),
+        } as any)
+    )

    const res = await setup.runStep("OPENAI", {
      prompt: OPENAI_PROMPT,
--- a/packages/server/src/db/utils.ts
+++ b/packages/server/src/db/utils.ts
@ -3,10 +3,10 @@ import { db as dbCore } from "@budibase/backend-core"

 type Optional = string | null

-export const AppStatus = {
-  DEV: "development",
-  ALL: "all",
-  DEPLOYED: "published",
+export const enum AppStatus {
+  DEV = "development",
+  ALL = "all",
+  DEPLOYED = "published",
 }

 export const BudibaseInternalDB = {
--- a/packages/server/src/environment.ts
+++ b/packages/server/src/environment.ts
@ -1,3 +1,6 @@
+import { env as coreEnv } from "@budibase/backend-core"
+import { ServiceType } from "@budibase/types"
+coreEnv._set("SERVICE_TYPE", ServiceType.APPS)
 import { join } from "path"

 function isTest() {
--- a/packages/server/src/integrations/base/sql.ts
+++ b/packages/server/src/integrations/base/sql.ts
@ -315,7 +315,7 @@ class InternalBuilder {
  addSorting(query: KnexQuery, json: QueryJson): KnexQuery {
    let { sort, paginate } = json
    const table = json.meta?.table
-    if (sort) {
+    if (sort && Object.keys(sort || {}).length > 0) {
      for (let [key, value] of Object.entries(sort)) {
        const direction =
          value.direction === SortDirection.ASCENDING ? "asc" : "desc"
--- a/packages/server/src/integrations/postgres.ts
+++ b/packages/server/src/integrations/postgres.ts
@ -210,7 +210,7 @@ class PostgresIntegration extends Sql implements DatasourcePlus {
    if (!this.config.schema) {
      this.config.schema = "public"
    }
-    await this.client.query(`SET search_path TO ${this.config.schema}`)
+    await this.client.query(`SET search_path TO "${this.config.schema}"`)
    this.COLUMNS_SQL = `select * from information_schema.columns where table_schema = '${this.config.schema}'`
    this.open = true
  }
--- a/packages/server/src/integrations/tests/googlesheets.spec.ts
+++ b/packages/server/src/integrations/tests/googlesheets.spec.ts
@ -30,7 +30,7 @@ GoogleSpreadsheet.mockImplementation(() => mockGoogleIntegration)
 import { structures } from "@budibase/backend-core/tests"
 import TestConfiguration from "../../tests/utilities/TestConfiguration"
 import GoogleSheetsIntegration from "../googlesheets"
-import { FieldType, Table, TableSchema } from "../../../../types/src/documents"
+import { FieldType, Table, TableSchema } from "@budibase/types"

 describe("Google Sheets Integration", () => {
  let integration: any,
--- a/packages/server/src/integrations/tests/sql.spec.ts
+++ b/packages/server/src/integrations/tests/sql.spec.ts
@ -26,6 +26,12 @@ function generateReadJson({
    filters: filters || {},
    sort: sort || {},
    paginate: paginate || {},
+    meta: {
+      table: {
+        name: table || TABLE_NAME,
+        primary: ["id"],
+      },
+    },
  }
 }

@ -636,4 +642,19 @@ describe("SQL query builder", () => {
      sql: `select * from (select * from (select * from \"test\" where LOWER(\"test\".\"name\") LIKE :1) where rownum <= :2) \"test\"`,
    })
  })
+
+  it("should sort SQL Server tables by the primary key if no sort data is provided", () => {
+    let query = new Sql(SqlClient.MS_SQL, limit)._query(
+      generateReadJson({
+        sort: {},
+        paginate: {
+          limit: 10,
+        },
+      })
+    )
+    expect(query).toEqual({
+      bindings: [10],
+      sql: `select * from (select top (@p0) * from [test] order by [test].[id] asc) as [test]`,
+    })
+  })
 })
--- a/packages/server/src/middleware/authorized.ts
+++ b/packages/server/src/middleware/authorized.ts
@ -1,5 +1,11 @@
-import { roles, permissions, auth, context } from "@budibase/backend-core"
-import { Role } from "@budibase/types"
+import {
+  auth,
+  context,
+  permissions,
+  roles,
+  users,
+} from "@budibase/backend-core"
+import { PermissionLevel, PermissionType, Role, UserCtx } from "@budibase/types"
 import builderMiddleware from "./builder"
 import { isWebhookEndpoint } from "./utils"

@ -16,15 +22,20 @@ const csrf = auth.buildCsrfMiddleware()
 * - Otherwise the user must have the required role.
 */
 const checkAuthorized = async (
-  ctx: any,
+  ctx: UserCtx,
  resourceRoles: any,
-  permType: any,
-  permLevel: any
+  permType: PermissionType,
+  permLevel: PermissionLevel
 ) => {
+  const appId = context.getAppId()
+  const isGlobalBuilderApi = permType === PermissionType.GLOBAL_BUILDER
+  const isBuilderApi = permType === PermissionType.BUILDER
+  const globalBuilder = users.isGlobalBuilder(ctx.user)
+  let isBuilder = appId
+    ? users.isBuilder(ctx.user, appId)
+    : users.hasBuilderPermissions(ctx.user)
  // check if this is a builder api and the user is not a builder
-  const isBuilder = ctx.user && ctx.user.builder && ctx.user.builder.global
-  const isBuilderApi = permType === permissions.PermissionType.BUILDER
-  if (isBuilderApi && !isBuilder) {
+  if ((isGlobalBuilderApi && !globalBuilder) || (isBuilderApi && !isBuilder)) {
    return ctx.throw(403, "Not Authorized")
  }

@ -35,10 +46,10 @@ const checkAuthorized = async (
 }

 const checkAuthorizedResource = async (
-  ctx: any,
+  ctx: UserCtx,
  resourceRoles: any,
-  permType: any,
-  permLevel: any
+  permType: PermissionType,
+  permLevel: PermissionLevel
 ) => {
  // get the user's roles
  const roleId = ctx.roleId || roles.BUILTIN_ROLE_IDS.PUBLIC
@ -64,8 +75,8 @@ const checkAuthorizedResource = async (
 }

 export default (
-    permType: any,
-    permLevel: any = null,
+    permType: PermissionType,
+    permLevel?: PermissionLevel,
    opts = { schema: false }
  ) =>
  async (ctx: any, next: any) => {
@ -83,12 +94,12 @@ export default (
    let resourceRoles: any = []
    let otherLevelRoles: any = []
    const otherLevel =
-      permLevel === permissions.PermissionLevel.READ
-        ? permissions.PermissionLevel.WRITE
-        : permissions.PermissionLevel.READ
+      permLevel === PermissionLevel.READ
+        ? PermissionLevel.WRITE
+        : PermissionLevel.READ
    const appId = context.getAppId()
    if (appId && hasResource(ctx)) {
-      resourceRoles = await roles.getRequiredResourceRole(permLevel, ctx)
+      resourceRoles = await roles.getRequiredResourceRole(permLevel!, ctx)
      if (opts && opts.schema) {
        otherLevelRoles = await roles.getRequiredResourceRole(otherLevel, ctx)
      }
@ -110,13 +121,16 @@ export default (

    // check general builder stuff, this middleware is a good way
    // to find API endpoints which are builder focused
-    if (permType === permissions.PermissionType.BUILDER) {
+    if (
+      permType === PermissionType.BUILDER ||
+      permType === PermissionType.GLOBAL_BUILDER
+    ) {
      await builderMiddleware(ctx)
    }

    try {
      // check authorized
-      await checkAuthorized(ctx, resourceRoles, permType, permLevel)
+      await checkAuthorized(ctx, resourceRoles, permType, permLevel!)
    } catch (err) {
      // this is a schema, check if
      if (opts && opts.schema && permLevel) {
--- a/packages/server/src/middleware/builder.ts
+++ b/packages/server/src/middleware/builder.ts
@ -10,7 +10,7 @@ import {
  setDebounce,
 } from "../utilities/redis"
 import { db as dbCore, cache } from "@budibase/backend-core"
-import { UserCtx, Database, App } from "@budibase/types"
+import { UserCtx, Database } from "@budibase/types"

 const DEBOUNCE_TIME_SEC = 30

--- a/packages/server/src/middleware/currentapp.ts
+++ b/packages/server/src/middleware/currentapp.ts
@ -4,12 +4,13 @@ import {
  roles,
  tenancy,
  context,
+  users,
 } from "@budibase/backend-core"
 import { generateUserMetadataID, isDevAppID } from "../db/utils"
 import { getCachedSelf } from "../utilities/global"
 import env from "../environment"
 import { isWebhookEndpoint } from "./utils"
-import { UserCtx } from "@budibase/types"
+import { UserCtx, ContextUser } from "@budibase/types"

 export default async (ctx: UserCtx, next: any) => {
  // try to get the appID from the request
@ -23,7 +24,7 @@ export default async (ctx: UserCtx, next: any) => {
    if (
      isDevAppID(requestAppId) &&
      !isWebhookEndpoint(ctx) &&
-      (!ctx.user || !ctx.user.builder || !ctx.user.builder.global)
+      !users.isBuilder(ctx.user, requestAppId)
    ) {
      return ctx.redirect("/")
    }
@ -42,8 +43,7 @@ export default async (ctx: UserCtx, next: any) => {
    roleId = globalUser.roleId || roleId

    // Allow builders to specify their role via a header
-    const isBuilder =
-      globalUser && globalUser.builder && globalUser.builder.global
+    const isBuilder = users.isBuilder(globalUser, appId)
    const isDevApp = appId && isDevAppID(appId)
    const roleHeader =
      ctx.request &&
@ -56,8 +56,7 @@ export default async (ctx: UserCtx, next: any) => {
          roleId = roleHeader

          // Delete admin and builder flags so that the specified role is honoured
-          delete ctx.user.builder
-          delete ctx.user.admin
+          ctx.user = users.removePortalUserPermissions(ctx.user) as ContextUser
        }
      } catch (error) {
        // Swallow error and do nothing
@ -71,7 +70,6 @@ export default async (ctx: UserCtx, next: any) => {
  }

  return context.doInAppContext(appId, async () => {
-    let skipCookie = false
    // if the user not in the right tenant then make sure they have no permissions
    // need to judge this only based on the request app ID,
    if (
@ -81,12 +79,9 @@ export default async (ctx: UserCtx, next: any) => {
      !tenancy.isUserInAppTenant(requestAppId, ctx.user)
    ) {
      // don't error, simply remove the users rights (they are a public user)
-      delete ctx.user.builder
-      delete ctx.user.admin
-      delete ctx.user.roles
+      ctx.user = users.cleanseUserObject(ctx.user) as ContextUser
      ctx.isAuthenticated = false
      roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
-      skipCookie = true
    }

    ctx.appId = appId
--- a/Show More
+++ b/Show More