Re: Make Add Action Only Available to AppSheet API...

mithranatkarsun · 06-30-2023 08:05 AM

Currently, there is a view which is a form that invokes the default action to add to the a table. I only want the Appsheet API and Administrators to be able to add to this table.

How do I setup security in my project to achieve this? I have a Show If condition that checks if the user's email is equivalent to the admin account, so this form is hidden from users. I can access this form on a user account through the deep link appsheet.com/start/1q2w3e4r#view=Form however, so it is not enough.

AleksiAlkio

Hiding the action is not secured. So you would need to do this with the table permission. Admin and server are adds_only and others read_only.

mithranatkarsun

I presume you are talking about this screen:

https://snipboard.io/Zr8L1C.jpg

How do make a case for the server? Server doesn't have a return value for USEREMAIL() I think?

AleksiAlkio

Haven't tested exactly this, but test how it works if you use IF(OR(CONTEXT("Host")="Server",USEREMAIL()="..."),"ADDS_ONLY","READ_ONLY"). If that doesn't give you the correct behavior, you could use the opposite if you don't have lot of users..

IF(IN(USEREMAIL(),LIST(..all emails except admin..)),"READ_ONLY","ADDS_ONLY")

AleksiAlkio

And.. you can always specify the useremail for the API with the parameters.. it's RunAsUseremail=...

Make Add Action Only Available to AppSheet API and Administration