A little help on security filters

I need a little rope on security filters. This is something I have got to work on only recently as recently we have had an upgrade to pro from premium.

There is a documents table, with three classes, say - sensitive, general and financial.

There are user roles defined for each user in our system - there are six, but for convenience’s sake, lets just go with 3 for now - Admin, Moderator, User.

I want the admin roles to be able to see all of the document classes, moderators to be able to see general and financial, and users to be able to see only the general.

Right now I’m using a slice to filter them, but as I was told by people here that using slice filtering is not the best option to achieve what I want.

The ‘role’ of each user can be called upon by using this expression - any(Profile Slice[Role])

How can I achieve what I want using security filters ? Give me just the starting push and I can figure the remaining out by myself.

Add an EnumList column to your users table which will specify all classes depending on your role with an app formula. Then you can set the security filter as IN([Class],LOOKUP(USEREMAIL(),“Users”,“Email”,“Classes”))

Correct. Security filters are applied by the AppSheet servers, and the servers will not send filtered rows to the users device at all, so there is no possibility the user could access those rows. Without a security filter, all rows are sent to the users device, and the best that can be done is to try to hide the rows from the user with app configuration. But once the data is on the user’s device, there’s no guarantee the user can’t see get to the data.

1 Like

Try:

SWITCH(
  ANY(Profile Slice[Role]),
  "Admin",
    TRUE,
  "Moderator"
    IN([Class], {"Financial", "General"},
  "User",
    IN([Class], {"General"},
  FALSE
)
3 Likes