Can I make a UX View exclusive to certain people?

Rachel_Anne · 02-22-2020 04:20 AM

I don’t want all my employees to access certain views on my app. Can I make a UX View exclusive to certain people?

Koichi_Tsuji

There are a couple of different ways, but you can easily achieve.

First, when you place the app user to “whitelist”, you can set the role to either USER or ADMIN. Then user the expression inside Appsheet, userrole()

On each view you generated, then set the showif constrain by using userrole expression or you can use useremail() expression to control the access to each view basis individual user level.

Otherwise, you create your own physical table with the list of your app users.
Then you can do more detailed, complex and comprehensive control over the access to views or any other stuffs, like show column, action etc.

MultiTech

This is the method I advocate.

In all the apps I create where we need certain people to have access to certain things, and restrict others, I’ll create a Users table. In this table I’ll include the column [User_Role], and Enum with a few options like Admin, User, etc. (all completely set by me when building things out).

I’ll then create a slice: Current_User; for the formula I’ll do: [User_Email] = USEREMAIL() where [User_Email] is the column in the Users table that holds the email address of each person using the app. From this I can easily call any information I need from the Users table about the current person using the app: any(Current_User[User_Assigned_Facilities]) for instance.

By creating your own user-class system like this, as Tsuji said, you’ll be able to have much more control and customizability ( spell-check doesn’t like that word lol).

Rachel_Anne

So this is where I will place my formula for that right?

Aleksi

Correct. Just please remember that it hides the view name, not the view or data itself. Your users are still able to see that view and data.

Jonathan_S

Confusing me Aleksi, what do you mean by this? If the formula is correct the user wont be able to see the view??

Rifad

Aleksi

When you hide a view, you are still able to see that data with a suitable URL. Hiding a view is not secured in any way.

Jonathan_S

Ahh understood, yes.

darpan_sanghavi

So how to make it secure? If I want my user to not access the data even via a suitable URL! How can we achieve this?

Marc_Dillon

Aleksi

You need to use security filter for that purpose. With the security filter you can be sure that no data is downloaded to user’s device.

darpan_sanghavi

Thanks Aleksi for the reply, I am not sure how this will work for my use case which is like this,

I have a table Location_Master which consists of all locations of my company.
There will be Employees who have Location Admin role - i.e. they can edit location name, seating capacity etc. For this, I have created a slice and applied a security filter so it fetches only those rows for which the individual has access.
Formula : “IN([Location], SELECT(AllowedAdmin[Location], [Email] = USEREMAIL()))”
Normal user who does not have access to any location can see the above Location Master screen if URL is copied.
Ideally it should not showcase any data, but it is not happening - may be because URL itself has some params which are fetching data!
URL : Login - AppSheet

MultiTech

I would advocate you create a Current_User (slice) instead of brute forcing a SELECT() when you need info from the user’s record, this will greatly increase the efficiency of your system.

With this setup, it’s extremely easy to enforce security protocols.