Again running into issues with not having more granular control of User Permissions. Wondering if this is on the Roadmap and if so (Though I know you can’t say when) is it one of the higher priority items?
I looks like a big solution to a smaller problem. My main goal is to prevent users from changing my data. That said I can take API key leaking, if it would be possible to set a base to “read only”. Right now this seems not to be the case, so the proxy is a plus for security.
On the other hand I do not know if thunkable uses internally also the REST API. Because it is a no-code platform I use blocks but do not know what’s behind the curtains. When using the Web APIs I am aware of the 5 requests/second limit, but I don’t know if this limit may apply also to the internal functions (blocks). This is a reason for me to have a closer look at caching proxies, not for security but for availability reasons.
Anyone who discovers you API key has access to not only every part of you base, but also every part of every base in your entire account.
Another option for “read-only” access is to create a new Airtable account and give that account read-only access to only that specific base. Then use that user’s API key to access the Rest API from your app. If that API key is compromised, no data can be changed and no other bases are compromised. Read only users are free.
For full access via the Rest API, I also recommend a proxy to store the key. That will allow you to change the api key if you ever need to.
Hi @kuovonne, that sounds like a great idea. I am on the free plan, how can I create a new account? I entered “create new account” in airtable’s help pages, but got no result that helped me further.
You will need a different email address for the new account. After you setup the new email address, add that email address as a base collaborator then follow the instructions in the email that is sent. (You may need to log out of your existing account first.)
Airtable is a wonderful platform but it moves SLOW. Like, glacially slow. I wanted to move my company to working with it but I when I saw that there are so many requests that were addressed in a very knowledgable and lengthy ways by the company’s representatives it seems like most of then got stuck in this phase. Of writing essays.
This request is more than 4 years old. 4 years. And how much changed with the user permissions? NOTHING.
I love the new automations and the button field which is really awesome but without the ability to control who can see and edit what it is useless.
Get it together Airtable. User permissions are not that hard. Give your customers clarity. They deserve it. And please, stop with the essays. Learn to write concisely - it is frustrating to read so much just to acknowledge that you will do nothing about it.
To sum up… Find a way to move faster in crucial features or Monday will eat you up.
I’m not sure which “essays” by company representatives you are referring to. Almost all of the posts in this thread and in the community at large are written by other Airtable users on their own time, not Airtable employees.
Although Airtable does not yet have the advanced user permissions that you and many others would like, I wouldn’t say that Airtable has done nothing in four years. Airtable has released table and field level permissions. Airtable allows shared views and protecting shared views via password or domain. Airtable also just release syncing between bases, which has huge implications for based design and user permissions.
I do not work for Airtable and Airtable tends to keep quiet about its roadmap. I have no more idea of when view permissions will be released than you.
If you need users to be able to edit a record but not view a specific field in the record, I suggest you check out the third party tools Stacker and/or MiniExtensions.
Oren, in all forms of technology, pointing to a forum thread that’s nearly four years old is pretty much irrelevant. A lot was said back then that is certainly untruthful today. We know more about workarounds, and we have vastly different features that we can draw upon.
Whenever looking for answers in a technical climate, it’s best to start reading from the bottom because that’s where the most recent and accurate information will be. Blogs, for example are reverse chronological because the pace of change, knowledge, and understanding makes earlier posts obsolete.
The concept of “user permissions” and “view permissions” are very different ideas that need finer points, but regardless, Airtable is probably not the right platform if this feature is crucial to your work because I don’t see it happening soon. Best to move to something that handles these use cases
.
Perhaps, but I think you actually mean field-level user permissions. If so, this statement could could not be further from the truth. I would love to learn how you conclude that field-level security and permissions are akin to “easy”. Please feel free to write a lengthy essay so that I and the Airtable dev team can understand the secret to effortless field-level permissions design.
Another alternative involves updating records through forms and automations. You can create a button that opens an update record form targeting the record of choice. Then use automations to take the input from that form and update the record.
It’s more work than the three sentences above may make it sound, but it allows you to give a view-only link to someone and restrict exactly what they can see and edit.
Also, don’t take Bill’s attitude too personally. Although he is right, the sarcasm at the end of the post might be a bit much :slightly_smiling_face: