Slice view problem - I can replace the row id in URL and see sensitive data

Hi guys, I have a problem with the slices and details to view in different contexts. 

I have two views. 

The first view allows you to see all data (all rows) but with a limited number of columns. Basically, it allows you to see all the general information about the products for all users of the application.

The second View allows you to see limited records (filtered by a slice formula) with extended, sensitive data in additional columns. Basically, those prices are allowed to be seen only for particular products from the global list.

The problem is that I can take an ID from the first View, where I cannot see sensitive data, and exchange the ID in the second View, where sensitive data can be visible. I cannot resolve this with a security filter because I need to list all the products in the first view.

What ideas do you have to mitigate this issue?

I can provide further explanations if you need them.

1 REPLY

Please remember that a slice is not a secure way to filter data. If you have sensitive data, you need to use a Security filter. If you use a database, you could create a view without those sensitive columns and then bring that view in as a table, but it would need an AppSheet Enterprise subscription. If you are using GSheet, you could read the data from one sheet to another sheet with a QUERY(), but with fewer columns. That table would then be read-only, though, and it is not a good solution if you have a lot of rows.
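The difference between a slice and a security filter, combined with the column-reduced table suggested in the reply, as a small Python model added here (not AppSheet code and not from either poster). The table names, the `owner` column and the sample rows are constructed assumptions; the model assumes a slice only filters what a view displays, while a security filter limits which rows reach the device.

```python
# Simplified model of the data flow (an assumption, not AppSheet internals):
# the server decides which rows/columns are synced to the device; a slice
# only filters what a view displays from the data already synced.

PRODUCTS = [  # constructed sample rows
    {"id": "P1", "name": "Valve", "owner": "ann@example.com", "price": 120},
    {"id": "P2", "name": "Pump", "owner": "bob@example.com", "price": 950},
    {"id": "P3", "name": "Gasket", "owner": "ann@example.com", "price": 4},
]
PUBLIC_COLUMNS = ("id", "name")


def sync_slice_only(user):
    """Original design: one table, no security filter, everything is synced."""
    return {"Products": [dict(r) for r in PRODUCTS]}


def sync_split(user):
    """Reply's design: column-reduced read-only copy + security-filtered table."""
    catalog = [{c: r[c] for c in PUBLIC_COLUMNS} for r in PRODUCTS]
    priced = [dict(r) for r in PRODUCTS if r["owner"] == user]  # security filter
    return {"Catalog": catalog, "Products": priced}


def slice_rows(rows, user):
    """Slice: narrows what the list view shows, not what the device holds."""
    return [r for r in rows if r["owner"] == user]


def open_detail(synced, table, row_id):
    """Detail view addressed by row id (the value swapped in the URL)."""
    return next((r for r in synced[table] if r["id"] == row_id), None)


def demo(user="ann@example.com", foreign_id="P2"):
    weak = sync_slice_only(user)
    hardened = sync_split(user)
    return {
        "slice_lists": [r["id"] for r in slice_rows(weak["Products"], user)],
        "weak_detail": open_detail(weak, "Products", foreign_id),
        "hardened_detail": open_detail(hardened, "Products", foreign_id),
        "catalog_detail": open_detail(hardened, "Catalog", foreign_id),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

In the slice-only layout the foreign row's price is still reachable by id; in the split layout the priced table never contains that row, while the catalog still lists every product without the price column.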
