Solved: UX View restric

madhukarb · 04-14-2023 08:32 AM

Hi,

I have created an app which has multiple view and in one view i have restriced the view using Show if "IN(USEREMAIL(),Access for PEX Edit[Access Level for PEX edit])" and it is working by not showing the view for the users which are not part of "Access Level for PEX edit]". However when i give the ULR of the view every one are able to access it.

Is their a way that i can restric URL access as well in appsheet

https://screenshot.googleplex.com/6RNZViL4K8RDwF9

Marc_Dillon

You can't restrict access to the view if they have the URL. Your best bet would be to restrict access to the data itself with security filters.

Also, your screenshot link requires a login. Presumably this is an internal google service? This community is not internal to google.

View solution in original post

WillowMobileSys

Short answer, no.

I am seeing the same problem. I guess it boils down to if you are trying to restrict access to the view or actually the data?

If the view, then you would want to control who the URL is sent to. But if it does go out to someone that typically wouldn't see the view and they DO have access to the data then it's not really a major concern, I wouldn't think. They are just seeing a different view not usually meant for them.

However, if it is the data that is your concern, then you want to control that at the data level - either with a Security Filter or a Slice condition. If the user gets the view but does NOT have access to the data, then they would only see a blank view.

If data security is important, you do not want to control access to data through showing/hiding of views.

View solution in original post

dbaum

A view's Show if property only governs whether it's included in the portions of the app's UI relevant to navigation--it doesn't govern whether users can access the view. See an explanation in Views: The Essentials - AppSheet Help. See SUMMARY TIP: User permissions, roles, and settings - Google Cloud Community for various techniques to govern data access like others already suggested.

View solution in original post

Marc_Dillon

You can't restrict access to the view if they have the URL. Your best bet would be to restrict access to the data itself with security filters.

Also, your screenshot link requires a login. Presumably this is an internal google service? This community is not internal to google.

WillowMobileSys

Short answer, no.

I am seeing the same problem. I guess it boils down to if you are trying to restrict access to the view or actually the data?

If the view, then you would want to control who the URL is sent to. But if it does go out to someone that typically wouldn't see the view and they DO have access to the data then it's not really a major concern, I wouldn't think. They are just seeing a different view not usually meant for them.

However, if it is the data that is your concern, then you want to control that at the data level - either with a Security Filter or a Slice condition. If the user gets the view but does NOT have access to the data, then they would only see a blank view.

If data security is important, you do not want to control access to data through showing/hiding of views.

dbaum

A view's Show if property only governs whether it's included in the portions of the app's UI relevant to navigation--it doesn't govern whether users can access the view. See an explanation in Views: The Essentials - AppSheet Help. See SUMMARY TIP: User permissions, roles, and settings - Google Cloud Community for various techniques to govern data access like others already suggested.