Filter and Security - COVID contactless app

Dave_Willett · 05-11-2020 03:16 AM

Hi Guys
I’m pretty much ok with Appsheet having used the product for some time now, great product for my purpose. As we enter unlock in our business our staff and customers alike are pretty nervous about contact, especially where forms etc are concerned and of course proximity between people.
So I’m making our own contactless app where all our forms can be completed using signatures and workflows.
I need some advice on securityu and filters so when a customer receives the app, only he can see his own personal information linked to his email address.
As we have many customers and the data is populated via a csv (which is automated to dropbox), what would be the easiest way to limit data and views to individuals plus allow me as the developer access to everything?

Thanks

Aleksi

If your app uses authentication and you have a separate Email column in your table, you can write a security filter as…
OR(“dave@gmail.com”=USEREMAIL(),[Email]=USEREMAIL())

Dave_Willett

Hi Aleksi, that looks like what I need, thank you. It does say in the security filter section ‘Pro Plan’, I think I have an Enterprice license, will this affect my project, or can the expression be used in a ‘Show_If’ of the view instead?

Aleksi

Enterprise has the same features or more than PRO plan and you are fine with the Security Filter.

Dave_Willett

Thanks Aleksi.

I set up a security filter as specified above. To test this, I set up a separate ipad (as a dummy customer) with another email address of mine. I sent the browser link to that email address to see if the filter worked. It didn’t and I got an ‘Access Denied’ page:
'Your account willett....@yahoo.co id 658…7 does not have access to MMContactlessApp-658…7
You might need permission ( as so on)

I was hoping to just send the customer the link to the App and they login and only see their data.

What am I doing wrong ?

Cheers

Aleksi

The “Access denied” message means that your app needs authentication and your test email is not able to open the app because it’s not in your Whitelist (Users).

Dave_Willett

Thanks Aleksi, that does make sense.
Just one thing, we have over two hundred customers whose email addresses are held in the csv and the csv is uploaded several times per day, I would never be able to constantly whitelist them all, the csv constantly changes.
Is there a solution or suggestion for this.?
Regards

Aleksi

Unfortunately you can’t import email addresses from the CSV file. If you would use for example AWS Cognito for authentication, you might have other options. Have you checked that option?

Aleksi

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html

Dave_Willett

Interesting, I’ll take a loo… thanks for the assistance

Cheers

Aleksi

Though you need to have the AWS Cognito option with your Business/Enterprise plan.