The security flaws in Airtable’s sharing model need to be fixed ASAP

As discussed in this thread, any users of a database are able to share that database with other users, even if the creator didn’t authorize those other users.

Furthermore, any users of a database are able to duplicate the database without permission from the creator.

The creator is never alerted to any of these actions, either.

This is a huge security concern for any business.

Creators should be the only ones who are allowed to share the table with other users OR duplicate the table. Period.

If the creator wants other people to be able to share or duplicate the table, then they should EXPLICITLY be able to turn on those privileges for specific users.

Additionally, if another user shares or duplicates the database, the creator should then be informed of it via email.

Otherwise, as it stands now, we have a potential security nightmare.

3 Likes

More info in this thread:

I trust you’re aware of and reviewed the current security beta features and factored these into your product suggestion?

As far as I can tell, they haven’t changed “table sharing” or “table duplication” permissions with those new security features. Although those new security features are extremely welcome (albeit overdue)!

1 Like

Has there been any word from the devs on this? It’s astonishing to me that there is still no way to restrict base sharing to owner/creator level.