Creating an app that needs to have its users only access records that are associated with the Member Business that the user belongs to.
Based on the Security Documentation, the users need to be the row owners for each record, correct?
This app will have multiple Member Businesses and the Member Businesses create users for each Member Business. And the users will have different Roles for that Member Business, like CSR, Field Person, Manager, and Owner.
Is there a way to allow only Users Associated with a Member Business to access that Member Businesses records without being insecure (showing the other Member Businesses records)? I cannot allow one Member Business to snoop around inspecting the elements and be able to see the other Member Businesses data.
The documentation says “When you use visibility conditions or design a screen to show some data but not other data, your app still downloads whatever data it can for the corresponding sheet, even if it is not displayed in your app.”
Business 1 has 25 records stored in 1 table.
Business 2 has 25 records stored in 1 table.
Both businesses have the records stored in the same table.
How do I SECURELY allow all of the users that have the role CSR for Business 1 see only the records stored in the table that are associated with business 1? And not inadvertently expose the records of Business 2.
If I use Row Owners for this, only the user that created the record will be able to see it. I need all users for the specific Member Business to see it, but also to keep the whole table secure from the other businesses snooping into the returned data.
You can use role as row owner to grant access to all buisneses, just add to each row column and write to it supervisor. set row owner to it. And set in user table role column and write to correspond users supervisor. Dont forgot: you must write user’s role only in editor.
What I would do is assign each business ID as a role value to each user in the user table. Then when you create a row for each business in your other tables, make sure you write the business ID to one of the columns and make that column a row owner column, which will grant access to any user that has a role with the same business ID.
I assume data security is not as critical for each user position within a particular company. In that case, you can use pseudo roles, such as CSR, and use that to control visibility and filtering of certain screens and components.
So in the end the Role functionality will control data security for each business but the pseudo role/position will control everything else within the company.
Ahhh gotcha. I guess I misunderstood the assignment. I meant the same as Jeff essentially. I use separate Id’s for each business… only I use the same prefix for each one (‘Business-x’) is the only difference.