if my main table have a security filter (only...

security
(Jader James) #1

if my main table have a security filter (only my own rows are visible) i need yet to add security filters to my other 10 tables if its part of the main table?

sample:

table event ( id_event…)

table person (fk_event (ref - is part of event) …)

table object (fk_event (ref - is part of event) …)

… …

i need to protect the access to tables person and object or the appsheet system already to do it automatically?

thanks!

(Bellave Jayaram) #2

Yes, you will need security filters for all tables - I don’t believe you can do it any other way.

(Jader James) #3

:frowning: Ok, thanks @Bellave_Jayaram

(Steven Coile) #4

A security filter applies only to the table for which it’s defined; there is no automatic protection for related tables.

Beware, though: security filters can create a mess very quickly if you aren’t very careful with both your filter and your data design. A big one: your app won’t be aware of the data that’s been filtered, so it’s possible to create a duplicate key!

Security filters are best used to prevent sensitive data from ever reaching the user’s device. It’s still possible to hide data that does reach the device from the user without security filters, and with fewer potential complications.

(Jader James) #5

I was thinking too about scalability, if i a have 100 users and each them have 30 rows of each table…so is so better receive only my 30 rows of each table than receive 3000 rows for each!

(Steven Coile) #6

True. I’ve used security filters myself for just that very concern.

A security filter is best used in this case on tables with rows that can be clearly associated with only a single user and there will be no need for multiple users to access each other’s rows.

When creating keys in a table with a security filter, be sure to use UNIQUEID().

If you have other columns that are supposed to have unique values, keep in mind that whatever expressions you use to enforce uniqueness will only see the filtered data, not all data. It will not be possible to enforce uniqueness across all users using only filtered tables.

(Jader James) #7

Of course +Steve Coile…in all of my tables I have used security filters or they are read only or they have a random number generated for their id!