Grist must have ACL rules to prevent users from downloading data and/or the .grist Document

Not much to say here. Yes, savvy users can find a way around. Anything. Still, for A LOT OF CASES, allowing only an editor to download the .grist file… or allowing only owners and editors to download the data as xlsx/csv, but blocking users from it, would be very important.

3 Likes

After I created this thread, I was given a tip that creating a table that only the owner can see the data, already prevents everyone else from downloading the grist file.

I suggest that a more “elegant” method should be created., through the ACL rules, even if behind the curtains Grist just creates a special table only the owner can see. But in front of the curtains, it’s a simple check immediately clear for everybody.

Also, the method works for Grist files, but still any user can download data they can see. Which I don´t think it’s a good and obvious feature. Specially because it requires a lot of digging to find out WHAT users can and cannot see.

A table that is not shown in any page can be available to download, with sensitive data until you discover it was not forbidden. (you ddn´t remember it was allowed because it’s not shown in any page)

Also, another problem with this is that you may want users to access a single column of a table… like email of users. To select them. But other columns of the same table, are hidden from view and contain senseitive information… all looks fine and no user but the owner can change the app structure, so there is simply no way for them to see the sensitive data.

Until they download the xlsx without you known and access the data.

REALLY… this is VERY important. Instead of “everyone can download until you say exactly what they can´t download”, the process should be inverted.

ALL tables should come forbidden to download as csv or xlsx until owner says what they CAN download. (by selecting columns)