Dear Codans,
I have written before about the subject of rights and data protection and I have tried to find my own work arounds, but I am not getting there. The mechanism of locking and hiding pages seems to have some good uses, but there are a lot of issues that can’t be solved.
Using filters can hide a lot of data from preying eyes and/or make larger datasets more useful, but there are some limits there as well.
I have been playing with cross-doc, but I can’t see that as a real solution for my user case - it is limited in record size, it is a bit slow and only (auto)updates once an hour - max. Once your tables get more complicated with lookups, you need to also cross-doc your lookup tables. It is not a 2-way connection, so that complicates updating records if you only have access to the ‘slave’ doc.
In other posts I have read that hiding and filtering does not really give any protection, but from what I can see when looking at the page source, data that have been filtered out seems to not be in the source - at least, I can’t find it. With the current locking mechanism, filters can be pretty solid and users only see what I want them to see - even if they poke around in the source. I believe this is the same for hidden pages. Please correct me if I am wrong, but this is what it looks like to me.
When sharing docs there are three kinds of users: owners, editors and view only.
If all of the above is correct, in particular about the visible and non-visible data, I think there is a lot more possible to make rock solid apps, if the following could be accomplished.
- we need an extra sharing option: “users”
- we need an extra 'hide" option: we should be able to mark pages to be not visible for “users” and “can view” - without the possibility for these users to undo that setting (or the other way around: allow to mark pages that are visible for all, including users and if not marked, they are not visible for “users” and “can view”)
- we need to have the option to only allow owners to copy a doc
With these suggestions we can, for a lot of user cases, forget about cross docs and build pages for users with filtered views. Our main data and data logic stays in place, but the user pages would have real time information. We can give them very precise acces to information and let them interact with our data only those places where we want - while our editors (our team in my use case) can use the full doc.
Next level would be a locking mechanism on a table/view level, rather then the entire page, but for the time being we can accomplish that by having different (sets of) tables on different pages.
I realize this topic is not new in this community, but maybe I just shed some new light on this.
Thank you for your consideration,
Greetings,
Joost
PS: my use case is a team with access to most of my app, but many more ‘users’ that I want to give insight in their own data, as well as to some general information. But the data has to be near realtime, not delayed by up to an hour.
. We appreciate requests like these where users passionately articulate their ideas on how Coda could be better (not that this is the only one!). Getting to see feedback straight from our users like this is one of the many great things about our community.