🔒 Row Owners

We just rolled out a new security feature we call Row Owners. It will give your users more security and allows you to keep confidential data in Glide. If your users keep personal data in Glide, please use Row Owners:

If you want some more context, this has been discussed here on the forum:

6 Likes

Since this data is coming from the Google sheet, I assume that the Google sheet can refer to this sheet via various copy row functions, and “copy” the data into another sheet, which the app could then access. Is that correct? I do understand that this is a layer of abstraction that the end user does not have any access to and fully under control of the developer.

1 Like

Yes, you could do that in the spreadsheet if you wanted some data that’s hidden via Row Owners to show somewhere else.

1 Like

That is exactly what I was thinking about. Thanks.

1 Like

Awesome! I’m excited to try this new feature.

Thanks for pushing a new update, again! :slight_smile:

Awesome update and glad to hear it is now rolled out widely!

What is the status of this update ? Eagerly looking forward to see this.

It’s out already. You can use it

@Mark two points where I need some clarity

You mentioned:

Somebody who knows what they’re doing can open the app in a web browser and get to all the other user’s data.

Is this data that only lives in the google spreadsheet or glide data editor as well (e.g: Template Columns, Math Columns, IF then else, Columns etc)?

We have been working on a feature to provide true row-level security, where the app can’t even download rows that the logged-in user doesn’t “own”. Let us know if you definitely need this feature and we can onboard you to the current early version.

I’m interested in this, and would like to know more :slight_smile: Do I need to formulate my request in any way?

Hi. I’ll try to give you a basic heads-up for starters. If a row in a sheet is not “protected” then you should assume that it could be accessed. This applies to all columns, both Google and Glide. It can be accessed because whilst you may not see it within the app, it may well have been downloaded to the browser and is only hidden. Therefore a “savvy” user could reveal the data using a number of different debugging tools.

To ensure that a row can only be accessed by a specific user (or users) then enable the Row Owner feature. That will ensure that the row cannot be accessed unless Row Owner matches (checkout the tutorial on this). It achieves this by not downloading the row to the browser, so it is not available even using debugging tools.

1 Like

Exactly what I assumed as well. Thanks for the valuable input :slight_smile:

1 Like

You pay for them to download less

So…which column would be advisable to become the Row Owner? Row ID? Users sign-in email address?

Thanks.

I believe in all of the cases I have to use row owners, it’s the email.

2 Likes

Thanks ThinhDinh, email makes the most sense. So would that be the Glide anon email or the “captured” email at sign-up process?

On rare occasions when I’m being lazy I use a username or person’s real name but it’s best practice to use their email since that doesn’t normally change across the app and it’s sheets.

1 Like

Thanks Drearystate.

Whatever works for your case, I believe since Glide enables the anonymous email option, they’re basically the same.

If your using username and password as your means of signing in that may change how you determine what you sre using because that doesn’t necessarily mean you have the same email time and time again.

Gotcha. It’s essentially a mask of the persons email they use to sign-in.

2 Likes