Hi All,
I’m hitting the AppSheet API from Postman and I’m able to get the result as required. There is a security filter imposed on one of the tables and the API call is now getting complicated.
This is the security filter that is being used:
If(USERROLE()="Admin",
TRUE,
USEREMAIL()=[Created_By])
When I hit the API with the security filter, I’m not able to retrieve any data. I tried mentioning the "RunAsUserEmail" in the properties with the Admin’s email id, but it’s only returning the data entered by him.
I want the App to return all the data. My question is: is there any way to hit the API as Admin? And for that, is there anything to be added to the URL or Authorization? It’s a critical issue we are facing.
@SkrOYC @jaichith @WillowMobileSys @Joseph_Seddik @Marc_Dillon @Suvrutt_Gurjar
Sorry, I don’t get your point completely. By checking, what do you mean?
Write the security filter for example like..
If(
OR(USERROLE()="Admin",USEREMAIL()="email@gmail.com"),
TRUE,
USEREMAIL()=[Created_By]
)
The email address can be whatever except the account owner’s or app user’s email address as you can use the same with the “RunAsUserEmail”.
Thank you for the reply. Out of curiosity, why does it have to be whatever except the account owner’s?
I gave the Owner’s and it seems to be returning the records in API even without mentioning “RunAsUserEmail”. Can you explain how this works?
When running the webhook, it works as it’s triggered in the AppSheet server where the owner is the app creator’s account.
But.. if you add just an email address that is not in your whitelist into the security filter, it doesn’t affect the app and its usage. But when the webhook is using that email, it is able to read the whole data.
The reason I proposed something else than owner’s email address.. then it won’t affect your normal security filter.
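A local Python model of the two security filters discussed in this thread, added here as an illustration (not code from any poster or from AppSheet). The sample rows, the `api-reader@example.com` address and the empty role used for API calls are constructed assumptions; the model shows which rows each identity can read and the `Find` payload that carries `RunAsUserEmail`.

```python
# Constructed sample rows; Created_By is the column the thread's filter uses.
ROWS = [
    {"id": 1, "Created_By": "admin@example.com"},
    {"id": 2, "Created_By": "alice@example.com"},
    {"id": 3, "Created_By": "bob@example.com"},
]

# Hypothetical dedicated address, standing in for "email@gmail.com" in the thread.
SERVICE_EMAIL = "api-reader@example.com"


def original_filter(row, user_email, user_role):
    """Model of: IF(USERROLE()="Admin", TRUE, USEREMAIL()=[Created_By])"""
    return True if user_role == "Admin" else user_email == row["Created_By"]


def extended_filter(row, user_email, user_role):
    """Model of the reply's filter: OR(USERROLE()="Admin", USEREMAIL()=<service email>)."""
    if user_role == "Admin" or user_email == SERVICE_EMAIL:
        return True
    return user_email == row["Created_By"]


def visible_ids(filter_fn, user_email, user_role=""):
    """Ids of the rows that the given identity can read under filter_fn.

    Assumption: user_role defaults to "" to model a call where USERROLE()
    does not evaluate to "Admin", matching what the first post observed.
    """
    return [r["id"] for r in ROWS if filter_fn(r, user_email, user_role)]


def find_payload(run_as_email):
    """Body of a Find request that sets RunAsUserEmail in Properties."""
    return {
        "Action": "Find",
        "Properties": {"RunAsUserEmail": run_as_email},
        "Rows": [],
    }


if __name__ == "__main__":
    print(find_payload(SERVICE_EMAIL))
    for email in ("admin@example.com", "alice@example.com", SERVICE_EMAIL):
        print(email, visible_ids(original_filter, email), visible_ids(extended_filter, email))
```

With the extended filter, any request that presents the service address in `RunAsUserEmail` reads every row, so the application access key is the only control on full-table reads and should be stored and rotated as a secret.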