I work a lot on my board to avoid my user is able to change some data. I use Airtable to manage the sales and stock of my shop.
For that I lock view, give specific permission and so on, but I just noticed that a user can create a Grid new view which gave him access to edit/delete any field he is not supposed to be able to, when he is on his “limited view” I have created for him.
So basically, anyone can just create a grid view, change my orders/stock amount or so, then delete the personal view and that’s it, my data are corrupted.
Do you know a way to avoid specific users to create a new view ?
The solution is that you would need to use field permissions to prevent them from editing the fields that you don’t want them to edit.
There is no such thing as “view permissions” in Airtable, so you can’t prevent them from seeing any views within Airtable. In other words, Airtable users that have permission to access your base are always allowed to see ALL VIEWS.
So the only way to prevent an editor/creator from editing data is to use field permissions.
Alternatively, you can also prevent a user from editing data by changing their permissions to “commenter” or “read only”, but that will prevent them from editing ALL FIELDS.
Similarly, if you only want them to see ONE SPECIFIC VIEW in your entire base, you can send them a share link for that specific view only, but links are always read-only, so again, they won’t be able to edit ANY of the fields.
For more advanced permissions than what I’ve described above, you would need to use an external app like Stacker. Stacker gives complete control over viewing & editing data by table, view, record, and field.