Hello everyone, I'm working on an app where...

security
(Analista Vega) #1

Hello everyone,

I’m working on an app that many companies can work on, but I’m worried that it will not filter information between users of one company and another. I know there are security filters, but I have another doubt: I want 3 users belonging to a company to see the same information about that company in my app. Since the records are recorded with USEREMAIL(), that information could be seen by the same user who created it and not by another user of the same company. I would like to know how to formulate a filter with the security filter function so that 3 users of a company can see all the records only of the company to which they belong, in a way that is safe, and so that users of other companies cannot see them.

(Gil Littman [AppSheet]) #2

@Analista_Vega Assuming all users with the same company have emails with the same domain, you can use SPLIT and INDEX to get the domain from their email. So your security filter would look like: INDEX(SPLIT(USEREMAIL(), "@"), 2) = INDEX(SPLIT([email], "@"), 2)

I hope that helps.

(Analista Vega) #3

@Gil_Littman_AppSheet thanks… but what if they did not have the same domain but were Gmail emails?

(Gil Littman [AppSheet]) #4

@Analista_Vega In that case you’ll probably want to have a table that maps emails to companies. If you want to completely separate the data for different companies, maybe you should consider making a different app for each company.

(Analista Vega) #5

@Gil_Littman_AppSheet

I will try to make the table mapping emails to each company, and make a filter that shows the information of that company if the user is related to the company… but are the security filters sufficiently safe that the user is not going to see information from another company? I cannot make an app for each company, since there will be many companies participating, and in case of an update or change in the future it would be very difficult to apply it to all the apps, you understand me?

(Gil Littman [AppSheet]) #6

If you have many companies and/or are planning to make changes to the app frequently, then a users/company table is probably the way to go. One thing to point out is that since that table is going to contain emails for all your users, you should use a security filter for this table as well, even if you’re not planning to have a view for that table. USEREMAIL() = [email] will ensure each user will receive only their email address. In general, if a row is filtered out by a security filter it will not be sent to the user’s device, and there’s no way for the user to see that row. In your case, you’ll need to make sure users can’t change their company name.

(Analista Vega) #7

@Gil_Littman_AppSheet

I get it. What I will do is that the mail is associated to the company through the ID of the companies table. That way it would not be a problem if they changed the name of the company. Thank you!
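
A small Python model of the filters discussed in this thread, added here as an illustration and not posted by any participant or taken from AppSheet: it shows why the domain comparison breaks down with shared Gmail addresses and how the users/company table restores isolation. The table contents, the `company_id` column and all function names are constructed for the example.

```python
# Added illustration: models the row filters discussed in the thread.
# All emails, company IDs and rows below are constructed sample data.

USERS = {  # users/company mapping table: email -> company ID
    "ana@gmail.com": "C1",
    "luis@gmail.com": "C1",
    "marta@outlook.com": "C1",
    "pedro@gmail.com": "C2",
}

RECORDS = [  # data table; "email" is the creator, as stored by USEREMAIL()
    {"id": 1, "email": "ana@gmail.com", "company_id": "C1"},
    {"id": 2, "email": "marta@outlook.com", "company_id": "C1"},
    {"id": 3, "email": "pedro@gmail.com", "company_id": "C2"},
]


def domain(email):
    """Counterpart of INDEX(SPLIT(email, "@"), 2); lower-cased here."""
    return email.rsplit("@", 1)[-1].lower()


def domain_filter(user_email, rows):
    """Row IDs visible when the filter compares email domains (post #2)."""
    return [r["id"] for r in rows if domain(r["email"]) == domain(user_email)]


def company_filter(user_email, rows, users=USERS):
    """Row IDs visible when the filter goes through the mapping table (post #4)."""
    company = users.get(user_email.lower())
    if company is None:  # user not in the mapping table: fail closed
        return []
    return [r["id"] for r in rows if r["company_id"] == company]


def visible_user_rows(user_email, users=USERS):
    """Mapping table as seen under USEREMAIL() = [email] (post #6)."""
    return {e: c for e, c in users.items() if e == user_email.lower()}


if __name__ == "__main__":
    for who in ("ana@gmail.com", "pedro@gmail.com", "eve@gmail.com"):
        print(who, domain_filter(who, RECORDS), company_filter(who, RECORDS))
```

With the domain filter, every Gmail user sees every other Gmail user's rows and a colleague on another provider is cut off; with the mapping table, visibility follows company membership and an unmapped account sees nothing.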