Okay so I know that everyone is going to say this is a bad idea but I merely wish to explore this as a concept and get some well formed thoughts and opinions.

Here’s the setup:

In one private application I am setting up calendar data and that data is to be partitioned and accessed by various teams and their team members. They each want to see different data.
****ALL Team members are identified in the database (This is important info for later, bear with me.)

Some of those team members do not need to use the private application and it’s features, so I’d like to setup a public app for them to view their team’s data in a more simple way.

The idea is that to view their team’s data; when they enter the app they would have to input their name in one field and a secret phrase in another (emulating login for ease of use) which then would show all corresponding data of the team related to that secret phrase. I do also have a concept for is user’s change that secret phrase and how to accurately change that for all data it pertains to…

Users in this public app do not need to input any data generally but for the few instances they do they could be identified.

It’s important to note all of our actual data sets are only accessed by one other person than myself and none of it is downloaded to user devices. We host it all from our google drive.

I would love some thoughts about this work around and what sort of perils I should look out for? This data is for the music industry and none of it is particularly personal. A good majority of it is public information. SOME of it is private info like day of show contact info for a talent buyer; but even that information is passed around.

Okay… thoughts? Thank you if you read this far.

I’m not sure this technically applies, but I’d think the spirit of it does:

All data the app uses is in fact downloaded to the app:

This was very helpful information and I appreciate you.

Some counter thoughts:

• What if I were to randomly generate the secret phrases on my end? This would eliminate the possibility that users would utilize one of their passwords and compromise any other system or platform.

• What I mean by the data isn’t downloaded to their device is that the actual spreadsheets do not get copied and hosted on their device. I know the app downloads the data and stores some of it for quick access later. But a user wouldn’t be able to go into their google drive and see the spreadsheet and edit it themselves. Or is my understanding of that incorrect?

That’s reasonable.

Correct; access to the app does NOT give the user access to the actual spreadsheets.

The other idea i had was for the Team admin to set a team/ shared passphrase so as to make less complex my slices. In this situation users would identify themselves via name and use the team pass phase and if both match they see their data.

I feel this would also inhibit users utilizing passwords from other platforms as they would have to share it with their whole team. What are your thoughts?

Some backstory:
All data points being passed are things like: where a band will perform, the date, Performance time, Performance length, their compensation amount, day of show contact, who booked it, etc.
The public app would merely be a way for bands to view their gig information and interact with agents in our organization.