Security info about Hidden tab

Hi, today I receveid an email from glide about securety, I read: "Do not rely on visibility settings, hidden tabs, and hidden components to protect private information."

I use once app for manage my company, I have my tabs and my employees has their tabs working with visibility settings. Do i have to worry about my private data?

Thanks, Toni

Does your app limit access by email?

Yes, it does. But my fear is my emplyees can see personal data that only I can see.
@shchc

If you’re not using anything beyond “Limit Access by Email” , then my understanding is that anyone who can sign in can access (in some way) all users’ information.

You’re best to use Row Owners, Roles, and/or Protected columns to further prevent access to data in the back-end.

I’m using role for each user, I can see my tabs by visibility settings and my employees can see only tabs and data that I want.

I think that sounds okay. One thing to note: anyone with the same role can access anyone else’s information with the same role (I think).

1 Like

Yes, but they can see only personal record by filter “Email is signed-in user”.

They can only “see” , yes… But they can “access” other users’ info who hold the same Role by using browser inspecting — it involves some know-how but it’s possible.

The best thing to do is to also use Row Owners to ensure that only that user can access that row of data.

1 Like

But with row owners I can’t see their data. I’m the admin.

You’ll have to create a copy of the sheet and set up a different row owner that would apply to all rows. That row owner would be the admin only and they would have access to every row of that copied sheet.

1 Like

Ah ok, I got it. Just use arrayformula in the sheet copy that take the values that I want they see from original sheet. Thank you.

1 Like

I don’t think you need to copy the sheet. If I understand correctly, you should be able to mix roles and emails. So if you set up an array column (Email 1, Email 2), then can have the user’s email in the first column and the ‘Admin’ role in the second column and you can set row owners based on the array column I believe.

2 Likes

I want to show only some fields of a record. For example, I have a row with the fields: Project - Customer - Cost, and of that line I only want my employees to see only the Project - Customer fields, the Cost field can only be seen by me who am the admin.

Ah yes that’s right.

The one thing I like about using copied sheets is that the admin view can be built completely separately and can use a different layout entirely than the main/employee view.

2 Likes

If I set up the array column, both Email 1 and Email2 can see the entire record. I want hide from all my projects the fields that I want and make visible only that I want. Naturally using only one app. This is why I created more separated tabs for each role

1 Like

Understood. If you would rather have duplicated sheets, that’s fine. You could set visibility of components based on role, but if security is a primary concern and your employees should not have any ability to access cost, for example, then duplicate sheet data is better.

3 Likes