This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Security Risk of shared data tables putting all data in one Google Sheet

Posted on 08-16-2022 02:22 PM
Danielsntgd
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

I was told it's best to use a shared data table vs private due to private tables being unable to update for users without losing their data. When I use a shared table, it keeps everything in a Google Sheet on my account. Is this secure enough, and If not, what would be the best way to go about this?

Thanks!

Solved Solved
1 10 243
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
dbaum
Gold 4
Gold 4
Reply posted on --/--/---- --:-- AM
@Danielsntgd wrote:

When I use a shared table, it keeps everything in a Google Sheet on my account. Is this secure enough

If you consider any other file in your Google Drive secure enough, a file used as a data source for an AppSheet app is no different. Via the app, ensure that you:

  • apply the right security filters so that users don't have access to portions of the file's data  that you don't want them to access
  • limit the actions (e.g., update, delete) available to users who shouldn't be able to perform those actions

View solution in original post

Jump to Solution
10 REPLIES 10

Posted on --/--/---- --:-- AM
SkrOYC
Gold 5
Gold 5
Reply posted on --/--/---- --:-- AM
@Danielsntgd wrote:

I was told

Who? How?

Private tables - AppSheet Help
Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Danielsntgd
Bronze 4
Bronze 4
In response to SkrOYC
Reply posted on --/--/---- --:-- AM

In the community q&a I was told private may not be the best solution for me. Regardless, Should I make the tables private for an Inventory app which allows notes so that the users data is stored on their own devices instead of my cloud?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
SkrOYC
Gold 5
Gold 5
In response to Danielsntgd
Reply posted on --/--/---- --:-- AM

Their notes are the ones that shouldn't be shared? Then make just a table for that, a little one that won't change it's schema in the near future

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Steve
Platinum 4
Platinum 4
Reply posted on --/--/---- --:-- AM

Private tables are a bad idea, period. They are practical in only a very, very few situations. Yours is not one of those situations.

What do you want to be considered "secure enough"?

Jump to Solution

Posted on --/--/---- --:-- AM
Danielsntgd
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

This is an Inventory app for products bought, sold, and returned. It contains notes, suppliers.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
dbaum
Gold 4
Gold 4
Reply posted on --/--/---- --:-- AM
@Danielsntgd wrote:

When I use a shared table, it keeps everything in a Google Sheet on my account. Is this secure enough

If you consider any other file in your Google Drive secure enough, a file used as a data source for an AppSheet app is no different. Via the app, ensure that you:

  • apply the right security filters so that users don't have access to portions of the file's data  that you don't want them to access
  • limit the actions (e.g., update, delete) available to users who shouldn't be able to perform those actions
Jump to Solution

Posted on --/--/---- --:-- AM
Danielsntgd
Bronze 4
Bronze 4
In response to dbaum
Reply posted on --/--/---- --:-- AM

They're only able to access data through views? Or is there more I need to filter. With the help of people here, I finally figured out how to make an email security filter for added records.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
dbaum
Gold 4
Gold 4
In response to Danielsntgd
Reply posted on --/--/---- --:-- AM

The crucial feature is each table's security filter. That governs what data is even sent from the server to the user's device.

Anyone using your app as you designed it will indeed be limited to the data you show in views. However, there are ways for savvy people to get at data allowed through a security filter even if it's not included in any view.

Be sure to review Security: The Essentials - AppSheet Help and its related articles. If you have specific questions about the information there, certainly ask in the community.

Jump to Solution

Posted on --/--/---- --:-- AM
Danielsntgd
Bronze 4
Bronze 4
In response to dbaum
Reply posted on --/--/---- --:-- AM

I'm trying to avoid people getting past my security filters, (even if they're saavy What's the best way to do this. And side question. Should I only show info in slices if I want to limit files that get exported to certain columns?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
dbaum
Gold 4
Gold 4
In response to Danielsntgd
Reply posted on --/--/---- --:-- AM
@Danielsntgd wrote:

I'm trying to avoid people getting past my security filters, (even if they're saavy What's the best way to do this.

Define your security filter to exclude data that you don't want available to a user. If you do that, there's no way for the user to access that data via your app nor even via savvy use of the browser that's running your app and has data beyond what's explicitly displayed in your app's UI.

@Danielsntgd wrote:

Should I only show info in slices if I want to limit files that get exported to certain columns?

There are multiple ways to create file exports. Export this view to a CSV file - AppSheet Help indeed exports the columns that you include in the view where you make the action available. In addition, you can create an automation to export whatever data you want to make available in any of multiple file formats: Create and save a file from an automation - AppSheet Help

Jump to Solution
Top Labels in this Space