Restricting view to sensitive columns


#1

I am new to AirTable, and I LOVE it so far. I need the ability to set a junior staffer’s viewing/editing permission to see and edit some of the columns but not certain sensitive ones.
Is there a help topic I can read on this?
Or do I need to create a new related table or base for her which links to mine but I’ve taken out some columns?
thanks in advance.


#2

Hi, im also looking for a way to restrict access to some sensitive columns for specific users. We’re started using airtable as our main online database for our product.
Because there is GDPR directive by European union on the way, all of us must focus on security of personal records about all clients, freelancers or our employees… Right now we have columns with name, recipe and amount of money - together could be used for identification = personal records and we must manage them very carefully(restrict access for some of our employees).
This GDPR directive means that all companies must hide data (that could be used for personal identifications) for users they don’t need them for work. Or delete (anonymize) them if subject asks. And because payments and names are sensitive data id they are together in 1 table for analytics, we must anonymize or hide them because they are personal record…


#3

Another problem is about our employees, vacations, tracked toggl times and hour pool of them. In this case I’m able to create for each employee specific view with datas related only to him. So there is hidden fields which are about others. And it’s OK for GDPR.


#4

There are now several topics on here about granular permissions - it is absolutely vital - especially in the light of GDPR which doesn’t only affect EU users - but anyone holding data about EU citizens wherever they are.

The security will require both field/column based access control and also row/record level security - probably based on users / user groups.

I’m pretty sure GDPR will also require EU based servers as well.


#5

Fortunately, in our case, it’s business data, not individual people. + Basic data (not final) about our employees’ salaries.

EU based servers? I hope, USA-EU safe harbor agreement will be still valid. We’ll see what we will learn when implementing gdpr in our company :smiley:


#6

That is only one of the points concerning us as European users. What about data storage? the gdpr request the data to be stored within the EU borders?

How does AirTable take care of this issue for it’s European users? What are the plans, timelines, etc. for gdpr compatibility?


#7

The USA-EU safe harbour agreement has long since ceased to be valid…

The GDPR is a big concern for us as well. Especially the storage and permissions in databases will be decisive.