"Search" unfortunately reveals all "hidden" pages, all hidden data

there is a way to hide sensitive data in your document that is not uncovered by the search bar.
it takes some effort to implement this work-around.

(many thanks to @Nina_Ledid for documenting this technique as follows)…

  • Create an Admin Table, listing anyone who will be able to see all the Sensitive Table
  • Set up a control (eg: AdminAccessSelector), displaying “false” if currently logged in user is not listed within admin table
  • Set the sensitive table to filter User=AdminAccessSelector.
    • So that, any user who is not an Admin will not see any results.
    • Set the sensitive table layout to display zero columns.
  • Vitally Important: Its not enough to simply hide all columns.
    • You need to edit the main layout of the Sensitive Table, in order to ensure that the ”Hidden Column Link” toggle is set to is NOT-visible. Otherwise, any malicious user would simply need to click on “Show hidden columns” within row modal to see the sensitive data.
  • On the Sensitive Table, insert a new column, type formula, set it to Display Column, and set the formula to a suitable error message like User().Name+" may not access this data"
  • Lock the page containing the Sensitive Table and the AdminAccessSelector control.

This lets us hide the sensitive data from the search function and from users clicking on the table name at the top of a dialog-box. Any searches that result in hits to the Sensitive Table, will only show the formula column containing the error message.

But it is not totally hacker-proof - a knowledgable, determined user could use the developer-tools of their browser to delve into the internal structure of the document and uncover the hidden data.

So using cross-doc is the more secure solution.

2 Likes