Yes, already had a Current User slice. Thanks for the tip to use INDEX for this single-row slice--I had been using LOOKUP.

Amazing info as always Matt, thank you for sharing !

The backdoor you mentioned works similarly to the “preview as” function built into the app editor or does it provide better information when you test on it?

It’s similar in function to the “preview app as” in the editor - but this is baked into the app.

The app LITERALLY believes it’s being accessed by that user - in regards to anything that you’ve built out using the Current_User slice.

USEREMAIL() will still return whatever email the user is ACTUALLY using - or whatever you’ve entered in the “preview app as” space.

This relies on the fact that current user in the Users table because of LOOKUP(USEREMAIL(), Users, User_Login_Email, UserID).

So have you figured out a way to force user to create the entry when they first log in because if you show them a form they can just ‘Cancel’ it and row won’t be created.

Or have you figured out a way to restrict access to everything until they do create their row in Users table?

Thanks @Steve I saw that and it still has the same issue that is users can press ‘Cancel’ and row is not created.

There’s no sure-fire way to prevent the user from canceling out of a form.

In order to force a User table entry for a new user, the user must do something with the app that will trigger an action. The action can then add the current user to the Users table. The problem is that the main menu entries and the navigation buttons along the bottom of the screen can’t trigger actions, so you have to present a view to the user that forces the user to either save a form (which can trigger an action) or press an action button. Action buttons can’t be placed on forms; all other view types require at least one pre-existing row in a table. Whether you use a form or a view atop some pre-existing row, you still have to prevent the user from navigating away from the view, which means removing all main menu and navigation bar entries. There’s no simple way to do any of that.

Thanks for that explanation. It helps a lot. Then would how does this work? When is the initial value of the User Setting resolved? We need it to be resolved after the User exists in the table.

And can we request a setting that tells if you can reject the open form? Simple enough to implement. This would be useful in many other places.

User settings is handled like any other table: the user settings row doesn’t exist until the user goes into it and saves it.

If you’re going to have a Users table, best to use it rather than use user settings at all.

Hi,

Thank you so much for this. Will this still allow someone to share their email address and password with someone allowing log ins on one account from multiple users?

Thanks so much.
Keelet

It’s been my experience that ANY() can sometimes remove the “meta data” of a column; I’m talking about the deep layered data that AppSheet keeps internally that we can’t see. Stuff like:

• Referenced table Key column
• Referenced key column type

But also stuff we can actually set:

• EnumList base type
• Enum base type ref table

In the past when I would use ANY(), sometimes this information would be lost and I would loose the reference nature of the data or the base type of what we’re working with.

INDEX(), however, has never had this problem - in fact it seems to retain the type of the data you pull in no matter what.

Now that’s a good tip! I saw that limitation with ANY() before, but didn’t realize there was a way around it with INDEX()! Great find, @MultiTech_Visions!

Wait, it wasn’t ANY()-- I saw this same limitation with ORDERBY().

Interesting - You should drop this as a tip in of itself.

Wow! Now I need to check where I use ANY() - which is a ton and see if I should switch to Index.

The real problem is that it WAS fixed at one point, then broke; then was fixed again, then broke.

I can’t build around something like that for a paying client; there’s few things on the platform that see-saw like this - this just happened to be one of them.

Mate, i fed up with all the bugs, unexpected behavior of Appsheet. I m so tired… to struggle with it.
My clients claiming and jump over to me (Off course) … again. I fed up.

I go sleep and forget all now…

Something is going wrong with Appsheet, as it did not happen before Google era. I simply hope everyging goes back before the time before Google aquires. Honestly, as things obviously gets worse and worse day by day.

That’s not true; it’s always been like this. Part of the territory of a SaaS that deploys multiple updates a day.

I hear you; that’s why I typically steer clear of any of the “newer” features, they will have tons of bugs that need to be rolled out. It’s maybe about a year before things stabilize to where I feel okay using it in “production” apps.

And when it comes to things like this ANY() situation we’re talking about: once I identify something that’s oscillating like that, I’ll find a solid work around that I can rely on. Such as the INDEX() thing.

I respect you and your opinion, but it is my own opinon.

I simply so tired now.

@MultiTech_Visions @tsuji_koichi

I agree that I sometimes find inconsistencies in the behavior of Expressions. When this happens, I have to spend hours to narrow down the problem and then look for an alternative method to get the result I need. This is very frustrating.

I think that the AppSheet Expression interpreter code needs refactoring.

You have no idea…

Yes, you are right about that. I also [ ]forget these signs. The expression interpreter does not see this error. But first I do the complex expressions I want to do in Excel. Then I make shorter alternatives to the expressions I wrote in Excel. I convert the expressions I get at the end into Appsheet expressions. In this way, I prepare my expressions faster.

Because then the Users table is no longer the Users table - it’s more a single user table.

If I put a security filter on the Users table, then I won’t have any of the other Users data in the system - admin users would have problems with that.

FWIW, I'm trying to do both. I apply a security filter on my Users table that depends on the role--just the user's row(s) if they're only a standard user but all users for the tenant if they're an admin (or me!).

IF(OR(USEREMAIL() = CONTEXT(OwnerEmail), [Role] = "Admin"), OR([Tenant ID] = USERSETTINGS("Tenant ID"), [Email] = USEREMAIL()), [Email] = USEREMAIL())

But we need to use UserSettings(Current User) everywhere in the app instead of USEREMAIL()/USERROLE() value to do this Tip/Trick!

I don’t think that’s the same feature. That simply wants ‘Cancelled’ Action. I want a ‘Show If’ for ‘Cancel’ button when you’re in form view so you cannot go back. You have to fill it and finish saving.

Ah. That’s a question for @MultiTech_Visions, then.

It seems to me that if you used a security filter to only show that companies data in the app, then you wouldn’t have to restrict add/edit/delete permissions.

• Because then, the data shown in the app is only for that specific company.

But if you wanted to control who can do what, you’ll either need to:

• use a “Role” based system (ie. “Admin” roles can edit things, but “Users” can’t); or
• control things on the individual actions.

If using a role-based system

You can use an Update-Permissions formula on the Companies table (inside the “Are updates allowed?” space) like the following:

switch(index(Current_User[User_Role], 1),
	"Admin", "ALL_CHANGES",
"READ_ONLY")

If you wanted to control things through Actions

Each individual operation that can be executed on a table (add/edit/delete) is controlled through an action for that table; and you can base whether any action should be seen or not based on data from individual records.

• So for the “Edit” action on the Companies table, you could do something like the following:
  INDEX(Current_User[User_Company_Link], 1) = [CompanyID]

• You might also throw something in there about only allowing “Admin” types as well:

AND(
  INDEX(Current_User[User_Role], 1) = "Admin", 
  INDEX(Current_User[User_Company_Link], 1) = [CompanyID]
)

NOTE: I originally posted an incorrect statement, which caused confusion and the comments after this one are based on that erroneous info. The previous details can be found here.

Then inside the “Are updates allowed?” space for the Companies table…

…use a formula such as this:

For a single ref column

IF(INDEX(Current_User[User_Company_Link], 1) = [CompanyID], 
  "ALL_CHANGES", 
"READ_ONLY")

For an EnumList of refs

IF(IN([CompanyID], SPLIT(CONCATENATE(Current_User[User_Companies]), " , ")),
  "ALL_CHANGES", 
"READ_ONLY")

---

I might also include something about only allowing Admins, if you use a Role-base permissions system:

IF(AND(
  INDEX(Current_User[User_Role], 1) = "Admin", 
  INDEX(Current_User[User_Company_Link], 1) = [CompanyID]
),
  "ALL_CHANGES", 
"READ_ONLY")

Thanks! I will try implementing this and see if I can make it work.

You might also find some helpful tips from this post as well: