Data security, Install link

Hi,
I have deployed an app with some views which have Show if Formula like
contains(USEREMAIL(),“gmail”)

When I have deployed and whitelisted an user who have an email adress xx@yahoo.fr, he received an email for installing appsheet or open in a browser.
install
He first click on Open in Browser from his mailbox “xx@yahoo.fr” and the app opened like he was an user from an email address “xx@gmail.com”. He saw all the views which are normally for people with gmail adresses.

Then he installs the app and connect from his yahoo adress and the filter works correctly.
How is it possible to avoid this situation that whitelisted users can open in browser the app like he was the creator of the app?

This will match:

That’s not at all secure.

USEREMAIL() reflects the email the user has signed into the app as, not the mailbox that received the invite.

@Steve,
Ok I have understood.
So to avoid this problem, is it with Security filter? But the final user still receive the mail with the option to open it in a browser with the view of the creator, isn’t it?
In the documentation, it is written to create slice and use this kind of formula. But with the button “Open in Browser” received by the whitlisted user, autentification is not asked so the filter can not works

It’s important to understand that Show if for a view only affects the display of navigation links to the view within the app itself, such as within the main menu and along the navigation bar:

There are other ways to get to a view: for instance, an action could take the user to it, or the user could click on a URL from a browser to go straight to a view. The view’s Show if does not prevent the user from seeing the view in such cases. Therefore, Show if should not be considered a security measure.

It is best to assume that any user that can use your app at all can see all the data the app uses, whether you intend it or not. To prevent the app from even receiving data the user shouldn’t see, a security filter is a great choice:

Also make sure your app requires user sign-in:

image

Thanks @Steve for feedback.

I understand that I have to think that any user can see all the data, whether I intend it or not.
I will try to modify the app using Security filter to see what happens because sometime it could be interesting that somes users don’t have any access at all to some data of the app.

Or maybe doing 2 apps using the same database but with some Columns or tables not accessible. Maybe it is the better way.

1 Like