Shared views are not secure!

When creating a shared link I’ve noticed this is not secure at all!

  1. Base the base is locked
    2.Shared link is read only

Those with the link to the shared based can unfilter, show hidden, and ungroup options available - A client was unintentionally given access to my accounting page, a new employee has had access to all employees wage information.
How is this secure? Am I missing something, did something change?

Hi @Holli_Younger,

As far as I know, if you share a view the person can go through the sheet without editing permission but they can do what you described above because you are sharing an Unlocked view. (Im assuming?)

In order to avoid this (on the Pro Plan), you have to Lock the view, this will not allow anyone to change the filters.

I suggest you check the view link before sharing it in any case.


1 Like

@Mohamed_Swellam I didn’t mention I am on the Pro plan, but this is still allowing all locked and hidden fields to be viewed.

Here is an example base that I have locked, you can see you have access to view information. (specific table share link) (entire base read only share link)

@Holli_Younger what do you mean by the Base is locked? There is no option to send a view link for the entire base with it locked. The only way to share a VIEW and lock it. This is available on the Pro Plan and Enterprise Plan (that is why I mentioned it).

For example, the first link (locked view), I cannot unfilter and see the other information. I can only view what you shared.

In the other link for the Base View, I can see the full base and unfilter (there are 10 hidden fields in the first view for example).

To overcome this, share locked view links to the tables not to the base.

To be more specific, when I say base is locked - I have every table I need to share locked.
I guess I never realized you don’t have the option to share an entire read only base. Is there a way around providing my customer with 14 different links? These are tables that do not need to be on one base, as they provide different information.

I sent a private message. The ‘test’ page is working exactly how it used to work. However, one of my bases that was compromised is still showing hidden fields. Instead up posting personal information on the forum, I sent you a message with my example.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.