If I mark a column searchable but use an expression to hide the column, the hidden column values are exposed or determinable using the built-in search and filter feature. A reminder that Show? or Show if are NOT security features. If the data makes it to the device, assume the user can access it whether you want them to or not.
Attn @MultiTech @Suvrutt_Gurjar @WillowMobileSys @TeeSee1 @Koichi_Tsuji @Gustavo_Eduardo @Adam-google @amyplin @wabrian @Arthur_Rallu
Good PSA! 🙏
@Steve wrote:
If the data makes it to the device, assume the user can access it whether you want them to or not.
Thanks Steve! Yes, I have contended with this as well. Here is what I have decided as a rule of thumb...
1) If I want to allow a user to search by certain values, they can deduce which data rows the values apply to anyway so there is no harm in seeing the Filter column list and associated values.
2) If a user should NOT be able to associate certain values to data rows through searches, then I must create Slices and user ROLE-specific views that do not include the secured columns.
3) If I have a column with a mix - values a certain user type CAN search but others that user should NOT know about - then I need to split the column values into separate columns - one secured and the other not - then create the user ROLE-specific Slice + View. Yes, this might mean a separate secured column for each user role.
Of course, most of this extra work could be avoided if we had more control over the Filter column list!!
Thank you for the clarification, Steve. I now have a better understanding of the difference between hiding a column using 'Show if' and securing data with security filters. I’ll review my settings to ensure that any sensitive information is properly protected through security filters, rather than just being hidden in the interface.
Your reminder that 'Show? or Show if are not security features' is very helpful. I appreciate the explanation and the examples about how data can still be accessible if it reaches the user’s device.
Thanks again for the heads-up and for pointing out the best practices. 😊
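The behaviour discussed in this thread, as a small Python model added here for illustration (it is not AppSheet code and was not posted by any participant): a column hidden only for display still answers searches once it is on the device, while a role-specific slice that omits the column does not. The sample rows, column settings and function names are constructed assumptions.

```python
# Constructed sample data and column settings; all names are hypothetical.
ROWS = [
    {"id": 1, "name": "Ana", "salary": "52000"},
    {"id": 2, "name": "Ben", "salary": "87000"},
]
# Settings modelled on the thread: "salary" is hidden in the UI yet searchable.
COLUMNS = {
    "id": {"shown": True, "searchable": False},
    "name": {"shown": True, "searchable": True},
    "salary": {"shown": False, "searchable": True},
}
FULL = ["id", "name", "salary"]   # every column synced, hiding is display-only
ROLE_SLICE = ["id", "name"]       # role-specific slice without the secured column


def device_payload(rows, slice_columns):
    """Server side: only the columns in the slice are sent to the device."""
    return [{c: r[c] for c in slice_columns} for r in rows]


def rendered(payload, columns):
    """Client side: display-only hiding; the payload itself is unchanged."""
    return [{c: v for c, v in r.items() if columns[c]["shown"]} for r in payload]


def search(payload, columns, term):
    """Client side: search matches every searchable column present on the device."""
    hits = [r for r in payload
            if any(term in str(v) for c, v in r.items() if columns[c]["searchable"])]
    return rendered(hits, columns)


def audit(columns, slice_columns):
    """List columns that are hidden in the UI but still searchable on the device."""
    return sorted(c for c in slice_columns
                  if not columns[c]["shown"] and columns[c]["searchable"])


if __name__ == "__main__":
    leaky = device_payload(ROWS, FULL)
    safe = device_payload(ROWS, ROLE_SLICE)
    # The hidden value never renders, but the matching row confirms who it belongs to.
    print("display-only hiding:", search(leaky, COLUMNS, "87000"))
    print("role-specific slice:", search(safe, COLUMNS, "87000"))
    print("audit findings:", audit(COLUMNS, FULL), audit(COLUMNS, ROLE_SLICE))
```

The `audit` check is the part worth reusing in a review: any column it reports is one whose values can be confirmed through search even though it never appears on screen.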