Quick question if anyone knows… when you hide a column on a table, is there anyway to see or that columns data? I’m talking like digging through things with F12 tools etc. I realise changing things through the API would still be possible, just wondering about from the front end.
Hi @Peter1,
I can not say that it is 100 impossible however doing a quick test I was not able to see data that was not shown in a column.
I think it would depend on how you share your doc and what restrictions you put in place.
If you load the public link in an incognito session check that the ability to unhide columns has been removed.
If you then add ?viewMode=embedplay to the end of the URL it will treat the doc as an embedded and enable the play mode. If there is already a question mark in your link with parameters simply backspace these and try just the above.
Example non-working URL: https://coda.io/embed/randomcode/page_code?viewMode=embedplay
This is where some users slip up as this makes it possible to see all hidden pages and bypasses certain restrictions including exposing all hidden data.
If you turn off Enable play in this share settings this does not actually disable it, it simply removes the URL parameter above which turns play mode on.
I am sure there are document locking features if you have the higher tier Teams license however I am not familiar with these and you will need to make sure they are configured.
All the best
Dale
Thanks for the reply Dale, much appreciated. I’ll look into what you mentioned.
I am using the Teams license currently as I have the credit to spare 
but I read that the Locking shouldn’t be treated as permissions, however that only seems to pertain to the fact that things are still fetchable via the API.
I’m assuming its not possible to access anything via the front end if things are hidden and Locked, but it doesn’t explicitly say that anywhere I’ve read, so was hoping to get some confirmation.
All I’m really wanting to confirm is if hiding columns means its not accessible via the front end.
For my needs though, I’m thinking of just doing a webhook/form setup with a private back end as I’m planning to have a database of users.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.