Hey all, we are currently using Confluence, and are exploring the option to move to Coda.
One thing that is highly unclear to me at the moment is how far things can go in Coda concerning doc-restrictions. Let me give some examples of how we use Confluence, and which we would need to re-create to make Coda work for us.
We have specific sheets with client information & license keys. This information should ONLY be available to the most core team-members, part of a specific group. Is this possible?
We ask externals to join for specific projects. From the entire workspace, these people should ONLY be able to see & edit one specific Doc, the one for their project.
Could anyone here help me out to determine whether these two options are, or are not, possible?
Basically, security in Coda is at the level of the doc. Users that are invited to view the doc can view the entire doc, and likewise users that are added as editors can edit the entire doc.
Additionally, Coda does allow you to Hide Pages and there is something called Page Locking. This gives you a little more control over what elements are viewable/editable to users. However, it’s not very precise (it’s configured on a per-page basis rather than per-user) and it’s also not very secure — it will certainly stop the average user from seeing or meddling with things they shouldn’t, but anyone with a little experience with browser tools won’t have too much trouble accessing what’s locked/hidden.
If you want more granular control, there are some tricky ways (using formulas) to hide/lock various elements, but these all generally have the same security limitations.
So, to answer your questions more directly, yes, both those things are possible, as long as you keep the sensitive information in docs that are only shared with the people who should see it.
One more consideration: if you have one table (or multiple tables) which has sensitive information that should be available to multiple different teams, and those teams should not be able to access other teams’ information, then the official Coda solution is Cross Doc. This allows you to maintain one single-source-of-truth database, and securely share only particular slices with particular teams (each team will have their own doc that syncs to the master doc).
Thank you for your reply.
I have looked into the option you mentioned; however, it seems that within the same folder, all users are always able to view the created doc. Unless I’m fundamentally doing something wrong.
I do see that it is possible to add people to Folders; as such, I imagine having a single Folder per project would be possible, and only adding members to relevant folders.
Right, so you can share entire folders with people (i.e., add people to folders) AND you can simply share individual docs with people.
Say I have a folder called HR, and the HR core team has access to all docs in the folder, and all new docs added to the folder. Now, one of those docs might contain financial information that someone from payroll needs access to. I can share just that one single doc with that person/people, and they will not have access to any of the other docs in the folder.