This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Lawyer form with string in browser

Posted on 11-16-2024 08:11 AM
manueurofax
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

Hi,
I found out that with a string similar to the following from someone who has permission to use the Views,
https://www.appsheet.com/start/[...]#view=Anagrafica_Form

you can get the Form to add a new record, even if this user has no permission to add records.
And he can save records even without data, even if the columns are not accessible to him

How can you prevent access or prevent the record from not being saved?

Thanks for your attention

0 2 147
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
Steve
Platinum 5
Platinum 5
Reply posted on --/--/---- --:-- AM

Use Are updates allowed? in the table configuration to control what table updates a user can make.

Use Only if this condition is true of the AddDelete, and Edit actions for the table to limit their availability.

Use an Editable? expression to limit edit access to specific columns.

Include a conditional in the row's key column's Initial value expression so it's only given a value if the user is allowed to add rows. For example, IFS(("Admin" = USERROLE()), UNIQUEID())

See also: Limit users to particular tables, views, and actionsGet started with security 

Posted on --/--/---- --:-- AM
WillowMobileSys
Platinum 1
Platinum 1
Reply posted on --/--/---- --:-- AM

What subscription plan is your app enrolled under?  

0 Likes
Top Labels in this Space