LinkedIn
Twitter
Hi,
I have deployed an app with some views which have Show if Formula like
contains(USEREMAIL(),“gmail”)
When I have deployed and whitelisted an user who have an email adress xx@yahoo.fr, he received an email for installing appsheet or open in a browser.
He first click on Open in Browser from his mailbox “xx@yahoo.fr” and the app opened like he was an user from an email address “xx@gmail.com”. He saw all the views which are normally for people with gmail adresses.
Then he installs the app and connect from his yahoo adress and the filter works correctly.
How is it possible to avoid this situation that whitelisted users can open in browser the app like he was the creator of the app?
@Steve,
Ok I have understood.
So to avoid this problem, is it with Security filter? But the final user still receive the mail with the option to open it in a browser with the view of the creator, isn’t it?
In the documentation, it is written to create slice and use this kind of formula. But with the button “Open in Browser” received by the whitlisted user, autentification is not asked so the filter can not works
It’s important to understand that Show if for a view only affects the display of navigation links to the view within the app itself, such as within the main menu and along the navigation bar:
There are other ways to get to a view: for instance, an action could take the user to it, or the user could click on a URL from a browser to go straight to a view. The view’s Show if does not prevent the user from seeing the view in such cases. Therefore, Show if should not be considered a security measure.
It is best to assume that any user that can use your app at all can see all the data the app uses, whether you intend it or not. To prevent the app from even receiving data the user shouldn’t see, a security filter is a great choice:
Also make sure your app requires user sign-in:
