I’ve hidden our backend folders, but users can still access them.
In the screenshot below, you’ll see that if a user clicks the three dots in the task modal, they have the option to See this in DB Tasks. This temporarily unhides the source database, allowing them to view it.
How can I lock this down further?
I’m coming from Notion, where we ran into frequent issues with data disappearing due to human error, sometimes without a way to recover it. I want to minimize the risk of accidental changes or exposure as much as possible.
Any suggestions? Thanks in advance! 
2 Likes
Hi Edan,
If your only concern in is to prevent accidental deletion of data, you can use the locking menu. There you can for example set it so that users can only delete the ones they created themselves or prevent them from deleting anything at all.
If you actually don’t want users to see any data that is hidden, then unfortunatelly you will have to store it in another document and bring to the current one only the necessary data. There are many ways for users to unwittingly access hidden data that cannot be restricted at the moment, even if Coda has promised they will work on this this year (search bar, clicking on another user’s avatar, the ‘pagination’ widget at the bottom of a detailed view and the one that you’ve shown among others)
Depending on your use-case, that could be done via Cross-Docs, Synced pages or Webhooks.
Let us know a bit more in detail about your use-case and we will be able to advise you farther.
Hope this helps,
Pablo
4 Likes
Thanks for the detailed response, @Pablo_DV! 
I have to admit, I expected more. Stronger permission controls were one of the main reasons I considered moving from Notion to Coda. While the added flexibility with formulas and databases is great, a lot of that could be handled in Notion with the help of Make.
The more I use Coda, the more I find myself puzzled by the experience. On one hand, the platform showcases incredible capabilities in development—delivering something remarkably flexible and powerful at its core. Yet, despite having such a strong foundation, the lack of key updates —especially ones that seem relatively simple to implement but highly impactful for users —is frustrating.
I just don’t get it. 
3 Likes
Hi @Edan_Ben-Atar,
There are ways to make the data secure, but you need to store it in different documents, requires more work to set up and have some drawbacks. But at least you definetly have many more options than in Notion.
Here you have some really good discussion about the topic: Unintuitive But Possibly More Secure Coda Publishing Setup – Looking for Feedback - Ask the Community - Coda Maker Community
I agree that there are some small features that would help a lot, specially regarding the discoverability of hidden data, but at least Coda has promised to work on it this year.
3 Likes
I came across that thread late last night, and it only reinforced my concerns about Coda and its development direction.
My main reason for considering a move from our Notion/Make setup is that it’s becoming increasingly clear that the company’s priorities don’t fully align with what the community is asking for.
I appreciate the flexibility both apps bring to the table, but I’m growing tired of constantly relying on workarounds for fundamental features.
At this point, I’ll have to continue exploring other solutions before fully committing. It’s frustrating because I’ve already invested in Coda, both financially and in building out our setup, but I need to be sure it’s the right long-term fit.
2 Likes
I think they do mostly align, but company resources are finite and not everything can be prioritized. Here’s a road-map for another highly-demanded feature that should help a lot with many data-security related topics: Launched: Sync page access control (view-only) - News from Coda - Coda Maker Community
But please, do continue to explore other options. I haven’t found anything close to Coda in terms of speed of development and flexibility, but if you do, please report back here and share your experience!
2 Likes
I was at the 2024 Review / 2025 Outlook meeting. This will be solved this year. They showed the upcoming possibility to separate a doc into “Front-End” and “Back-End” making the things on the Backend undiscoverable by users. It was a major confidence-boost for me in Coda!
8 Likes
Thanks for sharing, I will need to take a look into Fibery!
But for what it’s worth, in the meeting Stefan mentions Coda also promised to improve performance, so that docs are able to manage hundreds of thousands of records!
1 Like
@Edan_Ben-Atar @Pablo_DV
the founder of fibery posted this on coda.io reddit re: grammarly merger thread
https://www.reddit.com/r/codaio/comments/1hgem15/comment/m2mkq9z/
it’s his take on pros and cons between coda and fibery.
havent tried fibery so cant confirm his take on things.
for me, when i chose a product to adopt (personal use cases, business use cases) - i look at the $$$ (investment backing), founders resumes (track record) and size of company (# of employees). (and also community & support plays a part)
at the time of my transitioning from airtable, i looked at smart suite and retable. The latter has issues operating (if they still are or not) and arent very transparent about it. and there are people posting on their official fb page quite often asking what happened to their lifetime access they paid for 
as stated previously, im cautiously optimistic the merger with grammarly is an advantageous one. Increased resources ($$, employees) will hopefully result in those things they promised at the 2024 Review / 2025 Outlook meeting.
I think they just need time to settle in from the merger (2-3 months?).
at the end of the day, no SaaS product is perfect, we determine our non-negotiables and what we can tolerate and choose the lesser of evils in the software LOL
cheers!
Mel
1 Like
Hi @Edan_Ben-Atar - I think there’s a functional, simple solution here (though it doesn’t solve the UI issue of seeing that “See this in DB” option.
In the filter of your DB table, just add user().email.containsText("edan@gmail.com") - This way, even if a user accesses the DB table, they won’t see (or be able to delete) anything.
3 Likes
Great news about separating Backend and Front-end!
But the Editor ( the Free and Pro tariffs) can enter the table options and delete the mentioned filter. Can’t he?
