Unfortunately, Airtable is what I would call a “relatively low-security” platform.
There are at least 9 security holes in the product that I am personally aware of:
1. All collaborators, even read-only collaborators, can duplicate an entire base into their own personal workspace.
2. All collaborators, even read-only collaborators, can export a CSV file of an entire table.
3. All collaborators, even read-only collaborators, can select all of the records in an entire table and press command-C to copy all of the table’s data with one click.
4. All collaborators, even read-only collaborators, are allowed to share the entire base with other people. Yes, they can only grant other people the same permissions that they currently have (or lower), but this is still a concern.
5. All collaborators, even read-only collaborators, can always view 100% of the fields, records, and tables in an entire base.
6. All blocks that depend on an API key to access an external service (such as the Google Maps block, the SendGrid email block, the Formstack Documents Block, the TypeForm block, etc.) expose your API key to anybody who uses your system, even a read-only user. With access to your API key, every user has unlimited access to your account with that external service. This can cause all sorts of seriously destructive problems, such as: people sending unauthorized emails that seem to be coming from YOU; theft of all of your data from these 3rd-party services; outrageously expensive fees (potentially in the thousands of dollars) when these other services charge “you” for using their services; complete loss of all your data that is stored at these external services.
7. When sharing a block using the new block sharing feature (which is currently in beta), users have access to all data in all tables.
8. Uploaded attachments are always publicly visible at their URL, with no additional security preventing them from being seen. If someone has the URL, they can view the attachment. No logins or authentication required.
9. Uploaded attachments, even after being deleted from Airtable, are always visible to the general public by their URL. Any unauthorized users who have the URL can access the attachment. The worst part about this is that even if you completely delete the attachments from your system, they are still accessible to the general public. (More details in this thread.)
The solution for numbers 1-7 is to use Stacker instead of Airtable as your user interface. Stacker also adds on tons of other amazing security features as well, such as only allowing people to see the records that you authorize them to see!
However, Stacker cannot fix 8 & 9.
As a professional Airtable consultant and developer, Stacker is what many of my business clients are using with Airtable.