Help

This Product Ideas board is currently undergoing updates, but please continue to submit your ideas.

The security flaws in Airtable’s sharing model need to be fixed ASAP

cancel
Showing results for 
Search instead for 
Did you mean: 
ScottWorld
18 - Pluto
18 - Pluto

As discussed in this thread, any users of a database are able to share that database with other users, even if the creator didn’t authorize those other users.

Furthermore, any users of a database are able to duplicate the database without permission from the creator.

The creator is never alerted to any of these actions, either.

This is a huge security concern for any business.

Creators should be the only ones who are allowed to share the table with other users OR duplicate the table. Period.

If the creator wants other people to be able to share or duplicate the table, then they should EXPLICITLY be able to turn on those privileges for specific users.

Additionally, if another user shares or duplicates the database, the creator should then be informed of it via email.

Otherwise, as it stands now, we have a potential security nightmare.

5 Comments
ScottWorld
18 - Pluto
18 - Pluto

More info in this thread:

Bill_French
17 - Neptune
17 - Neptune

I trust you’re aware of and reviewed the current security beta features and factored these into your product suggestion?

ScottWorld
18 - Pluto
18 - Pluto

As far as I can tell, they haven’t changed “table sharing” or “table duplication” permissions with those new security features. Although those new security features are extremely welcome (albeit overdue)!

pwa
5 - Automation Enthusiast
5 - Automation Enthusiast

Has there been any word from the devs on this? It’s astonishing to me that there is still no way to restrict base sharing to owner/creator level.

Jordan_Scott1
Airtable Alumni (Retired)

Hi all!

Wanted to close the loop on this thread. Thank you for offering the product feedback here and completely understand the concerns. We’re excited to share that Airtable now supports workspace sharing restrictions so that Enterprise admins and workspace owners and Pro workspace owners can restrict the addition of new collaborators to specific workspaces or bases. Enterprise admins and workspace owners can also toggle a setting to prevent future share link creation on a given workspace.

Thanks again and we hope this is helpful :tada: