Security flaw with Access Control table

This is a question most specifically for @Scott_Collier-Weir, since it’s his Access Control table that I’m working with (thank you!). However, it seems that the issue may be a more general Coda feature - so possible that others could weigh in as well.

My issue is that Coda is showing “private” content through linked relations, outside of what Scott’s Access Control table is supposed to allow.

Some images likely explain this better…

I have created this table:

Note the “Who Has Access” column at the end of the table, with me and Corina as the only two people who can access these particular rows. All good so far: Scott’s table works like a charm, and if I log in with a different account these rows don’t appear. :+1:

However, the Teamwork Project column (column 2) is a linked relation to another table. And when I mouse over that column, Coda offers a window into that table, like so:

Note that this popup lists various tasks associated with this project. For instance, in this case, it lists “Review 2nd Draft”, which happens to be a row that Corina shouldn’t have access to.

If I continue rolling over the content within that window, for instance, rolling over “Review 2nd Draft”, it offers me further details, and even lets me open up the full Canvas of that row.

Soooooo…my question for Scott and/or anyone else is:

  • Is there a way to prevent this relational information from showing?


The information that shows in a chip when you hover over, it are the visible columns on the source table. If you just hide all of the visible columns on the source table, except for the display column that should solve it. But I only had a quick glance, maybe good if others weigh in as well.

1 Like

As scott said with column management on the source table. Or if you really only want the text and don’t need to have the vision on the object you can a formula column that takes the item and put it in text format.