I built an AppSheet app that uses tables that have a few hundred names and email addresses. I was using Security Filters to limit the table content access to only those rows related to the current user by way of filtering on USEREMAIL(). I need that table because it identifies which users have access to other features within the app and other data that is linked to their email address. Everything works great but now I want to white label and publish the app and switch it to the APPSHEET PUBLISHER PRO plan. The catch is that the Publisher Pro plan doesn't support Security Filters. Furthermore, this article suggests that public white label end-users would be able to access all the other email addresses regardless:
Any suggestions?
I built a great app with AppSheet and I'd hate for it to go to waste.
It states:
"When the app is opened in a browser, all of the data used by the app is accessible to anyone who opens the developer console and examines the data of the running application. There is no guarantee that the entire table isn't available even if a slice is defined on that table. The only way to ensure this is to use a security filter for the table."
Thanks
Any suggestions for what? What are your requirements?
The only possible alternative for USEREMAIL() in a Public app is CONTEXT("Device"). But without Security Filters, all data is still downloaded to every user's device. It can still be accessed by someone who knows what they are doing, whether or not you think you've "hidden" it well in the app or not.
I don't want the user device to have all the email addresses downloaded. But without having an email address list how can it link up to the user in order to determine what data they see?
Thanks.
This isn't even a valid question if you're talking about a Public app, because it can't use USEREMAIL().
I have a table where the users can add a record for the email address they claim is theirs. It also inserts their useremail() and a uniqueid() in the backend. Then I have a bot that sends an email to that claimed email address with the row uniqueid() number that they then use as the activation key for that email entry to validate it. Then I link up that validated email address to the data. Anyway, that's how I was using it and seemed to be working and sufficiently secure, since they aren't accessing any sensitive data.
If your app doesn't use security filters, you can NOT secure the data. You can hide it, but someone with sufficient AppSheet savvy can unhide it fairly easily.
Even with security filters, you have to design your tables and the app itself for security. AppSheet is not at all easy to secure.