Sorry, could not find this. I have an App on Appsheet Core secure plan, but with Public Access enabled and no signin required. So everyone is a guest. I do this as I have some security filtering used on some tables based upon user context of the person using the app (user settings). I would have thought that the number of licenses required would equal the peak concurrent guests from the previous 30 day period. Is that right? Or is each user that uses the app from the previous 30 days considered a different guest that needs to be licensed? The documentation talks about âActive Usersâ but does not fully describe what defines an âActive Userâ. Also if I have 30 people use the app in January; and a different 30 people access the app in February - do I need 30 licenses or 60 licenses? If the 30 in January are not going to use the App ever again, can those 30 users be âpurgedâ from the App at the end of January so I only pay for the 30 in February that are new different users.
The account counts them.. probably with the device/browser ID. I havenât checked that from devs, but it counts them. If not, then there would be only one guest user and that would not make any sense
If it counts them, does the number reset at the end of month? And is it concurrent users peak, or all users. So if I have 10 guest users on Tuesday, and 1 guest user every other day of the month of 30 days. Do I need 10 licenses or do I need 39 licenses? And then the following month - if I have a peak of 100 users for that month - but for the following 6 months I only have 10 users per month. So I need to license 100 users at the end of that month and continue to license that for every subsequent month?
The period is not the month, it depends on when you have purchased the Core license. The period should start from that day, not like the 1st day of the month. The basic process should be.. #1 - You pay the licenses in advance #2 - The service follows how many users are using your deployed apps for the next 30 days #3 - If the user amount is less than purchased licenses, everything is fine #4 - If it goes over, the service will send you few warning emails.. and then finally it will block your account if you donât update the license amount #5 - When you pay the bill again, it starts the same process again
For the 1st question, you need 39. For the 2nd, you need 100 for that one month. After that month, 10 licenses.
Would it be better to have at least the authentication ON so you could have a total control for your licenses? Lets say for example you have 10 app users but they are using your app without auth with 5 different devices/browsers, you would need to have 50 licenses.
The app collects workshop audience responses. Some months we may run a
number of workshops and have 400 people, the next month it could be 10
users.
I would prefer to use security filters to reduce the chance that audience
member could access data that is not theirs. But I donât want to force the
audience member to login as that is an overhead I would rather avoid for
them.
So it sounds like we should set license count to a fair minimum and monitor
the situation.
With Publisher Pro you cannot use security filters and can only use
something like slices - is that rightâ
[image: photo]
Mike Francis
Staff Architect, Customer Success, VMware
(PII Removed by Staff)
| www.vmware.com
| (PII Removed by Staff)
If the app doesnât require sign-in, we count every device that launches the app as a separate user. Each signed-in user can use the app on as many as five devices. For example, a user with the email jane@example.com uses an AppSheet app that requires sign-in. When Jane uses the app on her smartphone, desktop, and tablet, it still counts as one user. If the app didnât require sign-in, then it would count as three distinct âguestâ users.
Btw.. if you need to use security filter, then your app requires user sign-in. With the option âAllow all signed-in usersâ, you donât need to maintain userâs email addresses.
I am using User Settings to capture an email address and then using that email address as the security filter. In this way, they donât have a requirement for an external auth provider.
As you accurately noted, your approach only âreducesâ the chance that one user accesses anotherâs data. As it seems like you realize, your approach doesnât actually prevent that since it does not authenticate the users. Anyone could enter any email addressâincluding another userâs email address.
If you have any sensitive data saved, whoever is able to see it. Even if the app would read the email address, someone could hack the Usersettings as itâs on the client side.
I was just trying to understand how.