Security of Data within Coda

I would also add something about data security at the doc level.

  1. You must understand that a Coda doc is shared in its entirety, regardless of what’s visible or hidden, locked or filtered out. Assume that whenever you share the doc with someone (even in View Only mode) they can read all data from it. That’s because the whole file is loaded on the client, and on the client side it’s encoded (more precisely, the way the data is encoded is easy to reverse-engineer).

    See this topic as well:
    Privacy laws and data protection - #2 by Paul_Danyliuk

  2. Cross-doc and forms allow you to set up some sort of access control to pieces of data in a doc, but there are gotchas. With cross-doc you must ensure that you’re not using a connection that has access to more data than should be shared (i.e. you have to create individual views for each and every link, and not reuse connection tokens in general). With forms you have to be careful not to leak private data through a shard (a subset of tables and rows that gets loaded along with the form to support formulas and lookup values).

    More:
    [Lesson] Cross-Doc Best Practices
    Security of personal data in published forms - #7 by Paul_Danyliuk

6 Likes