Data privacy is crucial in our app. That’s why we would like to use Row Owners to safeguard their corporate email addresses.
However, we would like to pull in some data from the public profile to this row-owned users profile.
My question is: Is the users table data still safe if you pull in data from a “public” table (but not the other way around)? Or will data be exposed as soon as any connection is made between two tables regardless of the row-ownership.
Lastly, I would like to ask you if there is a way to test if data is protected or not?
I think it works this way:
- Your user logs in.
- Glide gets the user email, and starts scanning all tables that have row owners/roles setup.
- Glide gives back a version of the database that only contains rows that the user has access to.
- Glide starts computing the computed columns on the user’s device (though there might be some cases where the computed columns might have been calculated server-side, I don’t know more about this).
Hence, your case should be fine.
Thanks for the explanation @ThinhDinh
Now if I may ask a follow-up:
Our app is with optional sign-in. Does this mean, that glide will recognize whenever an anonymous user is accessing the app and thus doesn’t have access to whatever is in the users table (since anonymous users by default own no row)?
Anonymous users cannot own rows, therefore rows with row owners applied will never be downloaded to an anonymous users device.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.