Jul 30, 2020 04:54 AM
Hi is there a way to hide certain fields from view?
I have an amazing base (if i do say so myself) for a charity that links all of our fundraisers and how much they have raised etc which is great what I want to add is a column for any of my paid fundraisers on how much I have spent on things like their wages so I can work out their ROI - not obviously I do not want them to be able to see each other’s wages is there a way to either hide a column or add an extra tab/table and hide that instead?
Solved! Go to Solution.
Aug 05, 2020 12:27 PM
Hi @Michelle_King,
Yes, as @Justin_Barrett mentioned above, the unfortunate news is that ANY collaborator (even read-only collaborators) have FULL ACCESS to viewing all of your data at all times — even hidden fields. Even if your collaborators are not allowed to create new views nor edit your data, they can still export all of the data from your system into an Excel spreadsheet, or duplicate your entire base for their own private usage into the future.
In essence, the way I recommend thinking about Airtable is that if you plan on making people collaborators, then Airtable should only be used with people you implicitly trust. Once you make someone a collaborator on your base (even a read-only collaborator), you don’t have any way to enforce data security with that person. You can prevent them from making changes to your data, but you can’t prevent them from seeing and/or stealing 100% of your data for their own personal usage later.
The best solution to workaround all of these security issues in Airtable is to use Stacker. Stacker fills in nearly 100% of the security holes that are in Airtable by giving you full control over your data & full control over your security permissions. Even better, Stacker allows you to conditionally show certain records to certain people, based on what records you want them to see.
Stacker is unable to fix OTHER security holes in Airtable. For example, once somebody knows the URL of one of your attachments, that attachment is ALWAYS publicly accessible to ANYONE who has that URL — even the general public. And even if you delete the attachment from Airtable, the attachment lives on for at least a year at that public URL. Stacker is unable to fix security holes such as this one, but Stacker IS able to fix the majority of security holes in Airtable.
Hope this helps!
Jul 30, 2020 09:31 AM
In general, fields can be hidden individually (click the “Hide fields” item on the view toolbar), but depending on how others access your base, they may or may not be able to unhide those. Are they collaborators with their own logins, or are they using your login? If they’re in the former category, I suggest reviewing the options available for their access level:
Aug 05, 2020 08:33 AM
Thanks so they are editors and use their own log in, I can hide fields and lock it so they cannot unhide them but they could then just create a new view which would then give them access to each others wages which is what I am trying to prevent - am I missing something obvious?
Aug 05, 2020 11:16 AM
Not really. If they have editor access, then it’s just like you said: they can create their own views and see everything. Lower access levels start to introduce restrictions, but as @ScottWorld has pointed out elsewhere, even someone with read-only access can still copy the entire base if they knew the steps.
It sounds like you may need to consider using third-party tools to let your collaborators edit the data in your base. Scott knows that realm far better than I do, so I’ll let him guide that side of the conversation.
Aug 05, 2020 11:29 AM
That’s a pity but thank you
Aug 05, 2020 12:27 PM
Hi @Michelle_King,
Yes, as @Justin_Barrett mentioned above, the unfortunate news is that ANY collaborator (even read-only collaborators) have FULL ACCESS to viewing all of your data at all times — even hidden fields. Even if your collaborators are not allowed to create new views nor edit your data, they can still export all of the data from your system into an Excel spreadsheet, or duplicate your entire base for their own private usage into the future.
In essence, the way I recommend thinking about Airtable is that if you plan on making people collaborators, then Airtable should only be used with people you implicitly trust. Once you make someone a collaborator on your base (even a read-only collaborator), you don’t have any way to enforce data security with that person. You can prevent them from making changes to your data, but you can’t prevent them from seeing and/or stealing 100% of your data for their own personal usage later.
The best solution to workaround all of these security issues in Airtable is to use Stacker. Stacker fills in nearly 100% of the security holes that are in Airtable by giving you full control over your data & full control over your security permissions. Even better, Stacker allows you to conditionally show certain records to certain people, based on what records you want them to see.
Stacker is unable to fix OTHER security holes in Airtable. For example, once somebody knows the URL of one of your attachments, that attachment is ALWAYS publicly accessible to ANYONE who has that URL — even the general public. And even if you delete the attachment from Airtable, the attachment lives on for at least a year at that public URL. Stacker is unable to fix security holes such as this one, but Stacker IS able to fix the majority of security holes in Airtable.
Hope this helps!
Aug 05, 2020 12:59 PM
Thanks not one to pop any wages detail into then
Aug 05, 2020 02:33 PM
Another option is to put wage details into a completely separate base that only you can access. While it’s not ideal to put similar information (i.e. employee data) into more than one base, it may be the best available option.