Help

Save the date! Join us on October 16 for our Product Ops launch event. Register here.

Disable Export CSV

Topic Labels: ImportingExporting
5210 5
cancel
Showing results for 
Search instead for 
Did you mean: 
Claudio_Corazzi
4 - Data Explorer
4 - Data Explorer

Is it possible to disable CSV export for some users?

5 Replies 5
Nick_P
4 - Data Explorer
4 - Data Explorer

Bump! I would also like to know this, as my boss is hesitant to put any sensitive data into the system if a disgruntled employee could just walk away with it at any time.

Gavin_McWhirter
4 - Data Explorer
4 - Data Explorer

Hi Claudio,
Did you get an answer on your question about the CSV export option, as I am keen to do the same?
Thanks
Gavin

Gibran_Bham
4 - Data Explorer
4 - Data Explorer

Is there any update on this
This is a major flaw in my opinion

Airtable is what I would consider a low-security platform.

If you make someone a collaborator (even a read-only collaborator), it is not possible to disable the CSV exporting capability. It is one of the 7 major security flaws in Airtable, which I outline throughout this thread.

Once someone is a collaborator of your database, they always have full access to all of your data in multiple different ways, including making an entire copy of your entire base for their own private usage. Collaborators (including read-only collaborators) can even invite additional collaborators to access your database, even if you didn’t approve those additional people! And attachments are always publicly visible at their URLs, even after the attachments are deleted from your database.

So, collaborators should only be people whom you fully trust 100%, because you really have zero security in Airtable when it comes to collaborators.

The only way to prevent someone from being able to export a CSV file of your database (or exploit your data in other ways) is to remove their access as a collaborator altogether. Then, you could give them a “read-only share link” to one of your views. For most people, though, that solution really isn’t that helpful because: (1) it prevents them from editing any of your data, (2) they can’t comment on any of your records, and (3) they don’t have access to any other tables or views unless you generate more share links for them.

You can workaround many of these security issues by using Stacker to access your Airtable database, instead of using the Airtable interface itself. Stacker adds in almost all of the missing security features from Airtable, and Stacker adds in tons of excellent new features as well — such as people only being allowed to view the records that you want them to see.

AV
4 - Data Explorer
4 - Data Explorer

As a result of sharing with the wrong new team member, we had a leak of over 10 thousand sensitive user data through Export CSV:
- There is no way to disable the export button based on users (wish it was for everyone)
- Cannot restrict the database to users but have access to the entire base
- If you hide the fields just quickly duplicate the base for the user and make the fields visible

Zero security. I see this is a 2019 topic and nothing seems to have been developed....