Show HN: We built a permissions layer for Notion (notionportals.com)
Notion's native solution doesn't work:
Row-level filtering exists but it's view-only (contractors can't edit)
Column hiding doesn't exist
Guest sharing is read-only
So you either pay $15/mo per seat or duplicate databases (maintenance nightmare)
I built a permissions layer using Notion's OAuth API. It lets contractors see only specific rows and columns, edit data, all without expensive seats.
How it works:
Connect Notion via OAuth
Define roles: "Sales reps see only leads where owner = them, hide pricing column"
Contractors access a clean portal
They view/edit data in real-time (syncs every 5 minutes)
You pay $59/mo flat for unlimited users
The math:
5 contractors × $15/mo = $900/year wasted
20 contractors × $15/mo = $3,600/year wasted
50 contractors × $15/mo = $9,000/year wasted
With this: all of them = $59/mo flat.
Technical:
Frontend: React + TypeScript
Backend: Supabase + PostgreSQL (RLS)
Auth: Notion OAuth 2.0
Current state: 50 beta testers. First 20 customers get $49/month locked-in (launching at $79 after January).
Limitations:
Only Notion databases (not pages)
5-minute sync (not instant)
Requires role definition
No team permissions yet (roadmap)
The ask: If this solves a problem you have, we'd love feedback. Are there permission use cases we're missing? What's your price sensitivity?
Free trial: notionportals.com
5 comments
[ 4.0 ms ] story [ 21.6 ms ] threadFor your site, it returned a product logo with a very, very different name: https://notionportals.com/og-image.png
Are they? They look made up. I looked up TechFlow and the CFO on their website doesn’t match the one listed in the testimonial. Many of the others don’t seem to have a web presence to speak of at all.
Anyone who uses it for your made-up use-case is silly, and has no sense of 'segregation of duties' (access).
IMHO2: this is a process/procedure problem, not a technical problem (to quote GDPR's phrase) "..technical and organisational measures necessary to ensure.." this is an organisational problem that you are trying to solve as technical.
I have very recently tried to work with Notion staff in applying basic "compliance" controls, and their input/response was next-to-garbage, with a big "we didn't build it for/like this mate" attitude. E.g. complete lack of "canned reports showing inactive users", "canned reports showing failed login attempts", and so on. One will have to drill though the audit logs, extract the lot, and go excel magic. Other 'within-Notion' solutions are (politely) 'inaccurate'.
Overall it is a GRC/Privacy nightmare and I am happy to not be a user of this any more :)
https://portalwith.com