Hi Team,
We’re currently self-hosting n8n using the official Docker image and exploring role-based access control. One of the key requirements from our organization is to restrict or hide specific nodes (like Microsoft SQL or HTTP Request) based on user roles.
We’ve tried using custom UI CSS overrides (N8N_CUSTOM_UI_CSS) to hide nodes visually, but this isn’t a secure solution since users can still access them if they know how.
Is there a proper way (either config-based or plugin/module approach) to disable or hide certain nodes per user role in Docker-based deployments?
Any guidance or best practices on implementing this would be highly appreciated.
Thanks in advance!
n8n currently does not allow you to restrict the use of specific nodes by role. It only offers roles in the context of projects: Owner, Admin (Editor), and Viewer, which control actions such as viewing, editing flows and credentials, running workflows, managing users, etc. There is no functionality to block or allow individual nodes based on the user’s role.
Although you can use variables like N8N_CUSTOM_UI_CSS to hide nodes visually, it does not prevent them from being added manually or executed from the flow’s JSON data.
To implement real functional control in Docker environments:
Instance A (regular users): Include only secure nodes and set NODES_EXCLUDE to omit sensitive nodes.
Instance B (administrators): Include the entire set of nodes. No restrictions or with NODES_EXCLUDE empty.
Each instance can be deployed in a different container or subdomain and connect to a different database or the same backend (in multi-instance mode). This segments access beyond the UI.
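
The two-instance layout described in the answer above, sketched as a Docker Compose file. This is an added example, not part of the original reply or n8n's own documentation. The service names, hostnames, host ports and volume names are placeholders, and it assumes each instance keeps its own data volume (separate databases and user accounts).

```yaml
# Added example: two n8n containers that load different node sets.
# Service names, hostnames, ports and volume names are placeholders.
services:
  n8n-users:                      # Instance A: regular users
    image: docker.n8n.io/n8nio/n8n
    ports:
      - "5678:5678"
    environment:
      N8N_HOST: n8n-users.example.com
      # JSON array of node type names this instance must not load.
      # The two entries are the Microsoft SQL and HTTP Request nodes
      # mentioned in the question.
      NODES_EXCLUDE: '["n8n-nodes-base.microsoftSql","n8n-nodes-base.httpRequest"]'
    volumes:
      - n8n_users_data:/home/node/.n8n

  n8n-admins:                     # Instance B: administrators
    image: docker.n8n.io/n8nio/n8n
    ports:
      - "5679:5678"
    environment:
      N8N_HOST: n8n-admins.example.com
      # Empty list: no nodes are excluded on this instance.
      NODES_EXCLUDE: '[]'
    volumes:
      - n8n_admins_data:/home/node/.n8n

volumes:
  n8n_users_data:
  n8n_admins_data:
```

Because the exclusion is applied when the instance loads its nodes rather than in the UI, it also covers workflows pasted or imported as JSON on instance A. The separation depends on regular users having accounts and network access only on instance A.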