@AleksiAlkio How are the users counted/identified, or what would constitute a unique user when there's no sign-in required? Thanks.

The account counts them.. probably with the device/browser ID. I haven't checked that from devs, but it counts them. If not, then there would be only one guest user and that would not make any sense 🙂

Of course they are counted, I'm not questioning that 😀 I was just trying to understand how. 

So apparently if the same user logs from different devices he would count as many.. 

Thanks Aleksi

I would guess that using the app with different browser but with the same device will count another user as well.

Pricing FAQ - AppSheet Help

If the app doesn't require sign-in, we count every device that launches the app as a separate user. Each signed-in user can use the app on as many as five devices. For example, a user with the email jane@example.com uses an AppSheet app that requires sign-in. When Jane uses the app on her smartphone, desktop, and tablet, it still counts as one user. If the app didn't require sign-in, then it would count as three distinct 'guest' users.

If it counts them, does the number reset at the end of month? And is it concurrent users peak, or all users. So if I have 10 guest users on Tuesday, and 1 guest user every other day of the month of 30 days. Do I need 10 licenses or do I need 39 licenses? And then the following month - if I have a peak of 100 users for that month - but for the following 6 months I only have 10 users per month. So I need to license 100 users at the end of that month and continue to license that for every subsequent month?

The period is not the month, it depends on when you have purchased the Core license. The period should start from that day, not like the 1st day of the month. The basic process should be..
#1 - You pay the licenses in advance
#2 - The service follows how many users are using your deployed apps for the next 30 days
#3 - If the user amount is less than purchased licenses, everything is fine
#4 - If it goes over, the service will send you few warning emails.. and then finally it will block your account if you don't update the license amount
#5 - When you pay the bill again, it starts the same process again

For the 1st question, you need 39. For the 2nd, you need 100 for that one month. After that month, 10 licenses.

Would it be better to have at least the authentication ON so you could have a total control for your licenses? Lets say for example you have 10 app users but they are using your app without auth with 5 different devices/browsers, you would need to have 50 licenses.

Thanks for the response.

The app collects workshop audience responses. Some months we may run a
number of workshops and have 400 people, the next month it could be 10
users.

I would prefer to use security filters to reduce the chance that audience
member could access data that is not theirs. But I don’t want to force the
audience member to login as that is an overhead I would rather avoid for
them.

So it sounds like we should set license count to a fair minimum and monitor
the situation.

Any other thoughts?
--
[image: photo]
Staff Architect, Customer Success, VMware
<PII removed by staff>

Why don't you use Publisher Pro subscription then?

With Publisher Pro you cannot use security filters and can only use
something like slices - is that right--
[image: photo]
Mike Francis
Staff Architect, Customer Success, VMware
(PII Removed by Staff)
| www.vmware.com
| (PII Removed by Staff)

Yes that's true. Though you can filter all data so your app users can only add data, not read it.

Btw.. if you need to use security filter, then your app requires user sign-in. With the option "Allow all signed-in users", you don't need to maintain user's email addresses.

I am using User Settings to capture an email address and then using that email address as the security filter. In this way, they don't have a requirement for an external auth provider.

---

@mikef1990 wrote:

reduce the chance that audience
member could access data that is not theirs

---

As you accurately noted, your approach only "reduces" the chance that one user accesses another's data. As it seems like you realize, your approach doesn't actually prevent that since it does not authenticate the users. Anyone could enter any email address--including another user's email address.

If you have any sensitive data saved, whoever is able to see it. Even if the app would read the email address, someone could hack the Usersettings as it's on the client side.