So this means that in order to have user specific roles and workflows I need to maintain a separate table of users in appsheet? Seems redundant and error prone… I am also not understanding the statement that it would be accessible to all users. Isn’t filtering and hiding columns something we do all the time in Appsheet?

@Christian_Farley2 I have a separate table in my app of users, their e-mail addresses (same as those on the whitelist) and a column called “Role” to differentiate what they can see.

I have two roles, a user role and an admin role.

I use Show_If expressions throughout the app to hide functionality (edit, add, update) and views (such as the view where these users are maintained) from the users unless their role is admin.

Thanks @Nicholas_Christoffer. This makes sense, and confirms that there are at least a few good reasons for such a workflow (in reference to @praveen’s initial response

Because many of our customers end up with such solutions, we’ve started to add the ability to define roles directly as part of the user whitelist. You’ll see in the Users pane of the app editor that you can do this. You can then use the USERROLE() function to determine if the current user is an admin or not.

At the moment, the role names are not dynamic, but we’ll open that up down the road.

Wrt the security issue, any data used in the app is fetched to the device/browser during sync. This makes it accessible (i.e. readable) but someone who has some browser savvy.

hmm. I thought data transfer was encrypted from the source to the appsheet backend to the device. As per this Webinar from Santiago. Forward to the 8:00 minutes mark: youtube.com - Filter Data in Your Apps: 6.23.16 Deep Dive Webinar | AppSheet Filter Data in Your Apps: 6.23.16 Deep Dive Webinar | AppSheet