Clarification with Security Filters

anonymous · August 22, 2020, 3:49pm

Thanks again, and it really is thelast piece in the jigsaw…

anonymous · August 22, 2020, 5:06pm

Ok, I think I’ve done it.
Slice created from the ‘Operators’ table with a row filter condition of:

IN([Branch], SELECT(Operators[Branch], [LoginAddress] = USEREMAIL()))
And base the view on the slice. That shows everyone in the LoginAddress [Branch] for the logged in user.

Then duplicate the view, call it “Operators Admin” and base that on the raw table, menu, and a ShowIf of
USEREMAIL()=“ImTheAdminGuy@gmail.com” which only I can see.

Steve · August 22, 2020, 5:26pm

It appears the issue is attempting to apply a security filter that references the very table being filtered. That’s not possible, as the table itself is only complete and usable after the security filter has been applied; therefore, the table as a whole is unavailable within the security filter expression.

I only figured this out myself in the last few weeks.

anonymous · August 22, 2020, 5:30pm

Yes that makes sense when you know the sequence of the table loading and as Suvrutt suggested a different table would only question the Operators table once it was available.

But for my purpose another table would cause me issues, my work around above does just what it needs, give users views of members in their Branch but allow me to see everything.

Result

Suvrutt_Gurjar · August 22, 2020, 5:44pm

Hi @Steve,

Thank you for your guidance. I understand now.

Hi @Dave_Willett,

Thanks for your update. You seem to have solved the requirement by creating a slice. I believe slice filters and security filters are fundamentally different from security point of view and the way data reaches a user’s device. Our initial discussion was about using security filters. I believe the constraint describded by @Steve above for security filters is not applicable for slice filters and so slice filter conidtion on same table works.

Anyway, I believe that slice filter may be OK for you because as per requirement, each person in that branch needs to anyway see all the records for that branch so I believe essentially security filter is unnecessary. However I believe with slice filter all the records of all the branches will reach user’s device in the absence of a security filter. You may evaluate that if it is OK for you.

I believe in this process , we got some more insights on security filters and slice filters, especially after @steve’s guidance.

anonymous · August 23, 2020, 9:48am

Thank you guys. I’m learning every day and improving as I go.
I understand I have to trade off using the slice but for this purpose it might not be that detrimental.

Suvrutt_Gurjar · August 23, 2020, 10:53am

Thank you Dave for the update. Nice to know you have evaluated the impact of using a slice.

Topic		Replies	Views
Security, User Permissions AppSheet Q&A admin	7	28	October 30, 2020
Security Expression AppSheet Q&A expressions	12	37	July 9, 2021
Allow traveler to see their data and budget holders to see their users data AppSheet Q&A users , admin , automation , app-management , databases , errors , expressions	18	49	January 27, 2025

Clarification with Security Filters

AI Suggested topics