Save the date! Join us on October 16 for our Product Ops launch event. Register here.
Feb 21, 2019 02:20 PM
Is it possible to disable CSV export for some users?
Jan 24, 2020 03:48 PM
Bump! I would also like to know this, as my boss is hesitant to put any sensitive data into the system if a disgruntled employee could just walk away with it at any time.
Apr 15, 2020 07:17 AM
Hi Claudio,
Did you get an answer on your question about the CSV export option, as I am keen to do the same?
Thanks
Gavin
Jul 26, 2020 01:52 PM
Is there any update on this
This is a major flaw in my opinion
Jul 26, 2020 03:37 PM
Airtable is what I would consider a low-security platform.
If you make someone a collaborator (even a read-only collaborator), it is not possible to disable the CSV exporting capability. It is one of the 7 major security flaws in Airtable, which I outline throughout this thread.
Once someone is a collaborator of your database, they always have full access to all of your data in multiple different ways, including making an entire copy of your entire base for their own private usage. Collaborators (including read-only collaborators) can even invite additional collaborators to access your database, even if you didn’t approve those additional people! And attachments are always publicly visible at their URLs, even after the attachments are deleted from your database.
So, collaborators should only be people whom you fully trust 100%, because you really have zero security in Airtable when it comes to collaborators.
The only way to prevent someone from being able to export a CSV file of your database (or exploit your data in other ways) is to remove their access as a collaborator altogether. Then, you could give them a “read-only share link” to one of your views. For most people, though, that solution really isn’t that helpful because: (1) it prevents them from editing any of your data, (2) they can’t comment on any of your records, and (3) they don’t have access to any other tables or views unless you generate more share links for them.
You can workaround many of these security issues by using Stacker to access your Airtable database, instead of using the Airtable interface itself. Stacker adds in almost all of the missing security features from Airtable, and Stacker adds in tons of excellent new features as well — such as people only being allowed to view the records that you want them to see.
May 31, 2023 11:15 PM
As a result of sharing with the wrong new team member, we had a leak of over 10 thousand sensitive user data through Export CSV:
- There is no way to disable the export button based on users (wish it was for everyone)
- Cannot restrict the database to users but have access to the entire base
- If you hide the fields just quickly duplicate the base for the user and make the fields visible
Zero security. I see this is a 2019 topic and nothing seems to have been developed....