Limiting users to their own data

You can use Security Filters to control which records a user can see and update.

When you use Security Filters, you normally set the Require user authentication option on the Security > Require Sign-In pane. Once a user signs in, AppSheet knows the user's email address. You can then use the user's email address to filter the data shown to that user.

When you use Security Filters, you often include a field in each record that identifies the "owner" of the record. Typically this field contains the owner's email address. When adding a new record to a table, you can use the USEREMAIL() function in that field's InitialValue property to initialize it with the user's email address.

Security Filters are optional yes/no expressions associated with each table in the app. They typically use the user's email address, and possibly other data values, to limit the data shown to the app user.

To limit access by User Email:

  • [EmailColumn] = USEREMAIL()

To limit access by User Email Domain:

  • CONTAINS(USEREMAIL(), [EmailDomainColumn])
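
The two filters above can be modeled outside AppSheet to see which rows each signed-in user would receive. This Python model is an added example, not AppSheet code: it assumes CONTAINS() is a case-insensitive substring test, all rows and addresses are constructed, and `strict_domain_filter` is a hypothetical exact-domain comparison included for contrast.

```python
# Python model of the two Security Filter expressions above (added example,
# not AppSheet code). All rows and addresses are constructed sample data.

def contains(text, fragment):
    # Models CONTAINS(): a substring test, assumed case-insensitive here.
    return fragment.lower() in text.lower()

def owner_filter(row, user_email):
    # [EmailColumn] = USEREMAIL()
    return row["EmailColumn"].lower() == user_email.lower()

def domain_filter(row, user_email):
    # CONTAINS(USEREMAIL(), [EmailDomainColumn])
    return contains(user_email, row["EmailDomainColumn"])

def strict_domain_filter(row, user_email):
    # Hypothetical stricter check: the part after the last "@" must equal
    # the stored domain exactly (a leading "@" in the column is tolerated).
    _, sep, domain = user_email.lower().rpartition("@")
    return bool(sep) and domain == row["EmailDomainColumn"].lower().lstrip("@")

def visible_ids(rows, user_email, row_filter):
    # A Security Filter is evaluated per row; only rows yielding True are shown.
    return [r["Id"] for r in rows if row_filter(r, user_email)]

ROWS = [  # constructed
    {"Id": 1, "EmailColumn": "ana@corp.test", "EmailDomainColumn": "corp.test"},
    {"Id": 2, "EmailColumn": "raj@corp.test", "EmailDomainColumn": "corp.test"},
    {"Id": 3, "EmailColumn": "kim@partner.test", "EmailDomainColumn": "partner.test"},
]

USERS = [  # constructed sign-in addresses
    "ana@corp.test",                # legitimate member of corp.test
    "kim@partner.test",             # legitimate member of partner.test
    "eve@notcorp.test",             # different domain that contains "corp.test"
    "eve@corp.test.other.example",  # stored domain appears as a prefix label
]

if __name__ == "__main__":
    for user in USERS:
        print(user,
              "| owner:", visible_ids(ROWS, user, owner_filter),
              "| contains:", visible_ids(ROWS, user, domain_filter),
              "| strict:", visible_ids(ROWS, user, strict_domain_filter))
```

Because the domain filter is a substring match, any signed-in address that merely contains the stored domain text passes it; storing the domain with a leading "@" narrows the match but still admits the last sample address.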

You can build more complex Security Filters. For example, you can filter the Customers table so that each sales representative sees only their own customers. If you have a separate CustomersToReps lookup table having columns CustomerId and SalesRepEmail, the security filter for the Customers table would be:

  • IN([CustomerId], SELECT(CustomersToReps[CustomerId], [SalesRepEmail] = USEREMAIL()))

However, be aware that more complex Security Filters like the one above are typically inefficient when used with large datasets. 

Warning: Avoid USERNAME() in Security Filters because it is unreliable. Providers like Google only return the user's name if that user has enabled Google+ on their account.

More Information

This Security Filters video provides useful information.
