Bypass Security Filter ; Mystery solved

It was my long running mystery, "how and when we use “Bypass Security Filter” in workflow settings, but now the mystery was solved thanks to usual great support from Appsheet teams.


In the setting area, there is statement of ; -

Run this workflow rule as though there are no security filters on the data sources.

Taking into account this explanation, I have been assumed the actions fired by the workflow is ready “ignoring” the security filters applied to the table setting, but it was not. I didnt dig in deeper than that, but recently I had a use case possibly I need to have this on my apps.

Consulted with Appsheet dev teams through the support, and it was possible there was a bit of bug which was fixed now. Probably, the new code will take a bit of time to arrive to your appsheet account, but my test is currently show the desired result and functions.

let me explain.

For instance, we apply filter to the table, just read the rows mathing the value for Email fields where it containts email address of login user. This is quite common use case. Then we apply some sort of “count(select(Table[ID], true))” in some fields settings such as app formula or initial value expression. When this expression is applied the count calculation is made on the client side, i.e. to count the number of row in table which “got through” the filter conditions. Assume we have 10 records in app after applying filter, but in reality, we have 100 rows in the original table.

“count(select(Table[ID], true))” sort of expression is always calculating the number of records based on “after filter” as it is Appsheet “by design”.

However, let s assume we update the field by workflow/action and push the number of total records count, by setting “Bypass Security Filter” turned ON, it will count the record reading the orinal table “as if” there is no security filter applied to the table settings.

Say, I run the action by wrokflow and update target row and fileds with expression of “count(select(Table[ID], true))” in the above case on adding new row, then result will be

“Bypass Security Filter” Turned off ; 11
“Bypass Security Filter” Turned on ; 101

In some use case we really need to apply filter to reduce the amount of the records to be sent to the user devices to improve the performance of the app, but at the same time, we wish to run the appsheet expression as if there is no filter being in place.
Now it is easily achievable by setting “Bypass Security Filter” being turned ON!

I placed public sample app so that everyone can play around how it works. The sample app is here.

In this sample app, we read the records from a table using useremail() value mathced email filed (pretty much common use case).

Then compare the inital value with count/select expression result with the action fired by workflow with bypass security filter turned ON.

Have a fun.


I tested further.

  1. Add new row from app. The expression yields the correct number by workflow/action.
  2. Add dummy rows into spreadsheet directly, assuming the other concurrent user is adding “new” rows.
  3. Without syncing app, add another new row.

Result ; Expression yields correct number to count the number of records.

Obviously the Appsheet is wise enough to read the “most latest” whole table upon firing workflow/action regardless of user device specific data. Make sense.


Yes Sir, I use this often!

1 Like

Well explained @tsuji_koichi. Thank you.

1 Like

Thank you so much! You just answered my question and solved my problem. You are THE MAN!


I am testing a simple app for adding and reporting via email, with a parent and a children table, both having “filter all rows” , and a workflow bypassing sec filter to sent a report for each new parent row and it’s children.

In email attachement, children are empty.

Any help is much appreciated

Please check a sample “Parent Workflow” from how it’s built. It’s a simple timing issue.


I am copying it now to test. In the preview, i saw that “filter all rows” is not checked for parent nor children.

I didn’t see the solution yet.

The reason in your case is probably different than the ByPass option. Take a copy and set both tables with that option. Then you can be sure if the reason is coming from that settings or your app’s settings.

1 Like

“Bypass security filters” should apply to children too ?

I took a copy , i checked “filter all rows” for parent and for child table. I added a pdf attachment (auto created one) to the workflow email. i “bypassed” security filters in workflow. i tested it. Result does not contain recorded children. So the bypass security filter is probably only applied to parent table.

My testing app sends a perfect report if no “filter all rows” is checked.

I just tried to have children with no security filter, and parent with “filter all rows” checked. The workflow sens only the parent row data, and no children data