Re: Allow unrestricted access to shared forms

MichaelJS · ‎Jan 26, 2023

We are looking to enable users outside our domain (parents of our students) to submit a form with an attachment. If we turn on the setting "Allow unrestricted access to shared forms" at the org level what other impact might that have from a security perspective? We are using AirTable to manage very sensitive data about our students.

Thanks!

Ben_Young1 · ‎Jan 28, 2023

Hey @MichaelJS!

In the abstract, there are three things I keep in mind when it comes to security and shared Form views.

Creating versus editing: Form views do not allow you to edit existing data within a base or table(s).
They only facilitate the creation of new records.
While it's technically possible for a malicious actor to spam the creation of new records, you could implement a few form design decisions that would discourage or impede someone's ability to spam record creation and buy you enough time to catch the "attack" before it resulted in the creation of additional dirty data.
Linked records: If your form exposes a linked record field, someone filling out the form would be able to see the primary field values of all of the linked records in the related table. In my opinion, this is the biggest risk. However, it's only really an issue if your linked records' primary field contains any PII or otherwise sensitive data.
Validation & Audits: There are a few nifty tricks that you can use to implement an automated validation and review process of submitted forms. This really just depends on your comfort level with Airtable as a whole, but it's definitely possible.

With those things in mind, you're not putting too much at risk if you do a bit of planning and document where the potential risks are for your specific usage.

See Solution in Thread

Ben_Young1 · ‎Jan 28, 2023

Hey @MichaelJS!

In the abstract, there are three things I keep in mind when it comes to security and shared Form views.

Creating versus editing: Form views do not allow you to edit existing data within a base or table(s).
They only facilitate the creation of new records.
While it's technically possible for a malicious actor to spam the creation of new records, you could implement a few form design decisions that would discourage or impede someone's ability to spam record creation and buy you enough time to catch the "attack" before it resulted in the creation of additional dirty data.
Linked records: If your form exposes a linked record field, someone filling out the form would be able to see the primary field values of all of the linked records in the related table. In my opinion, this is the biggest risk. However, it's only really an issue if your linked records' primary field contains any PII or otherwise sensitive data.
Validation & Audits: There are a few nifty tricks that you can use to implement an automated validation and review process of submitted forms. This really just depends on your comfort level with Airtable as a whole, but it's definitely possible.

With those things in mind, you're not putting too much at risk if you do a bit of planning and document where the potential risks are for your specific usage.

MichaelJS · ‎Jan 30, 2023

Thanks, Ben. That's helpful. I'm looking into SSO as well, since the folks we want filling out the forms already have users accounts in our CRM.