As a workspace owner, I would like to restrict access to specific tabs based on user role so that I can protect sensitive information without having to create a separate base.

This is going to be needed for many serious business use cases.

We’d find this helpful too. We have different tables for different teams of users, all of whom need to link to other tables, but they don’t need to be able to edit records in the tables they’re linking to.

+1 on this
So many of the best things about Airtable is only possible when you keep all in the same table, but there are several downsides to everyone accessing everything

+1 Yes fellow humans, locking tables and being able to hide them would be a “fix” for not being able to link bases. I want my team to be able to work on a single table and pull info from other tables that are managed by other teams. Being able to lock a row of data would also be beneficial. For those teams like ours that are using this as a real database that is flexible, a couple of things like this are really massive pieces of the puzzle.

Exciting stuff! Are there any plans to introduce more granular permissions by table, not just the entire base? For instance I’d love to be able to share only certain tables/views of a base with users, but not give them access to the entire base. Without a feature like this, all users have access to all information within the base, which makes it difficult to fully implement in our organization.

The issue I’m grappling with is storing social security numbers for a use case in the legal space. I think we can be very open with access in the system we’re looking to build, in a lot of ways, but not sure we’ll want to work with AirTable if everyone who’s going to have access to the system, will have access to view SSNs.

Per-view permissions could do it: we could just grant editor permissions on a set of views, none of which had SSN.

Per-table permissions would be even better: we could just create a single table with sensitive info, that’s 1-1 with the table it’s related to, and then we could grant collaborator access to everything but that table.

Some kind of cross-base linking functionality could also do it: we certainly could go to considerable effort to hack things together. For example, if there were ways to include a link to a record from another base, even if most things that involved it required some extra coding, or there were somewhat limited uses, we could have another base with the sensitive info, that some people couldn’t access. When non-privileged users tried to edit or view that info, as long as it failed fairly gracefully, e.g. showing the value as “you don’t have access” or “error” but having the rest of the view still work, that’d be fine.

Per-record access might work: we might be able to hack something together.

I also think about 90% of the comments on this page could be addressed with either per-table or per-view access, for users willing to make it work. I guess the crux of the issue is that in the current model viewing data is considered the least sensitive thing, whereas sometimes editing, or even changing database structures is way less sensitive than viewing key fields.

I posted my concern about the security implications before seeing your discussion (see here:
My post).
I can see I am not the only one with these concerns. Airtable, are there any updates on introducing
more granular permissions?

@Katherine_Duh @Howie

After reading so many posts on this very important issue of granular permissions,
can you please let us know when you are going to introduce them into Airtable?
This part clearly hampers a wider use of your product which is a good one but
certainly needs this massive improvement. It would be reassuring if you could
let us know if and when you are going to implement this.

Thank you.

+1!

We really do not have enough opportunity to share a part of the table with access for editing or commenting.
Need more opportunities for sharing tables!

My organisation want to completely switch from Google tables to your service, but the lack of this capability limits us.

Yes please. as you can’t sync between bases or teams then the ability to hide my sales table to some of the staff is null. left with having to manually sync between two bases on different teams.