I have a Risk app at Grist.
Each Risk has an owner, departments, processes, etc.
We have a Wiki with documents for all company departments.
I would like that someone from the HR department, when checking the Human Resources page at the Wiki, could see all risks, from the GRIST table, associated to THEIR department.
Ok, I just remembered the document must be PUBLIC in order to show with an iFrame…
the WHOLE document? Can´t I make only a few pages public?
edit: lol, me and my two profiles problem, due to accessing the forum from the different Google Accounts.
Anyway… this question became two.
1 - is it possible to have a link to a previously filtered view? I was only able to have a link to a view that has a DEPARTAMENTO widget and a RISKS widget filtered by the department widget. So I got the link of that department at that view, as then the Risks are filtered by it.
But having ONLY Risks already filtered by the their department column is not possible right as a link, right?
2 - what would be the ideal solution to have iframes to a big document that you don´t want everything to be public? Workarounds? Anything?
@natalie-grist you have always been able to answer some difficult questions, any idea about this? Again, no need to be exactly like I asked, but what would be the better workaround, if not possible.
Hi @Rogerio_Penna,
If you can modify the Wiki page, so that each user will have a different URL in the iframe (for example: with his department id as a query parameter), you can use Link keys feature and ACL rules to achieve what you want.
It’s not each user who will have a different URL. It’s each page (because each page is for a Department)
So each page can have a different URL in their own page iframe.
Thanks Jarek. I will try to understand how that works.
Hi Jarek. I am failing to make this work with Departments.
in the Departamentos table, I created a column with UUID, made into data column, and then created a link
in the Risks table, each risk has a referenced Departamento and then a column with the UUID of that department
then in the access rules for the table Novo Risco (the Risks table) I used the following formula… and… errr… READ in dark gray (shouldn´t it be green? But hovering the mouse over it it says “allow read”)
user.LinkKey.DepartmentUUID == rec.Departamento.ID2
in the iframe however, all rows are showing. So “something wrong is not right” 
made other tries, the iframe is still showing ALL records.
here is the iframe code
{{iframe url=“http://192.168.0.xx:yyyy/wjpcNdfWDEm9/SGQ-Sistema-Qualidade-Pavicon?DepartmentUUID_=65cb068a-9eac-49fe-91e1-a7580d563c46” width=“100%” height=“500px”}}{{/iframe}}
So if I understood the LinkKey help correctly, when I used DepartmentUUID_ plus that created UUID 65cb068a-9eac-49fe-91e1-a7580d563c46, then in the access rules, it should let me read rows where LinkKey_DepartmentUUID is that UUID
here is the access rule for table NOVO_RISCO
user.LinkKey_DepartmentUUID == rec.Departamento_ID2
but I still see EVERY row. What is wrong?
One weird thing I noticed is that despite the document being public, when I load the XWiki page it DOES ASK for a login.
EDIT: it seems it’s not possible to circunvent the necessity for a login if you are using Grist Omnibus
So… when I login with my user, I am able to see all rows, despite the LinkKeys. But then, I am owner.
But when I login with another user, even with the linkkey, he can see NOTHING
I am sorry to insist Jarek. But I am really stuck here for the past 2 months. Maybe this feature doesn´t work with Omnibus?
10 months later…
Well, so it seems that accessing with my user, which is the admin at Grist, no matter what Department page, I can see everything.
When accessing with other users, they see only their risks.
That means the risks are not being filtered by page, despite I using different links for each department.
In the end, is the user access that is setting what each can view.
What I mean is that the TI guy will see TI Risks if he enters the TI Department page OR the HR Department Page.
EDIT: ok, so it seems that the iframe access is something mixed LOL
IF I enter any department page with my Admin user, I can see EVERYTHING of all departments. So it seems Grist is looking not at the department link, but at the USER.
However, if any other user enters the XWiki department pages, they can see ONLY those department related records. So in that case, Grist is not checking the user, but the department filter.
I am quite lost at this. Is there a way so even the Administrator can only see the Department related pages?
