I need to be able to limit table export permissions in GRIST. Is that possible? I noticed that users with read-only permissions can export tables, and I don’t want that.
Thankyou!!!
Hi @Silvina_Pais! You are right, there is no such feature: if you give your users the permission to see data in a browser, they can also get the data out of the browser – either via copy-pasting or exporting or API. Generally, such restrictions don’t work as a security measure, since a savvy user can get data out of the browser in bulk with little effort. But I agree it would be a useful feature (in conjunction with copy-paste and API restrictions) if you are just seeking to make it harder to take data out in bulk. Unfortunately, Grist doesn’t have it yet.
1 Like
“if you give your users the permission to see data in a browser, they can also get the data out of the browser – either via copy-pasting or exporting or API”
Dmitri, unless the Excel Export feature doesn´t work with “viewing as other user”, it doesn´t do that.
I am viewing a document as a user that has limited view… can only see his/her records, and yet, when exporting, EVERYTHING can be seen…
Oh you are absolutely right to suspect “View as”. Access rules apply to downloads correctly when the actual user opens Grist – access rules apply to downloads and API calls in the same way as they apply to viewing data in the application.
But the “View as” preview is currently not applying the preview permissions to the downloads, so the CSV/XLSX downloads reflect what you have access to, rather than the “View as” user.
Reporting this as a bug.
Dmitry… please, this is kinda of urgent because it’s violating the privacy of users… but when exporting, their email is being exposed on the tab SHEET6.
The problem is that there is no table and no rule for Sheet 6. There are several Excel tabs named Sheet# and I have no idea where they come from and how to not allow the data on them from being exposed!
Is Excel exporting the TABLES or the VIEWS? (Menu Views)?
To clarify, while exports in “View as” reflect the owner’s view currently, making it seem like access rules aren’t respected for a restricted user, in reality, the actual restricted user’s exports do respect access rules.
But it sounds like you are talking about a different problem now?
- You can see ALL tables in the “Raw Data” page. If you have tables you don’t need, you can delete them there.
- I recommend adding a “Deny All” rule for non-owners in the “Default Rules” section of Access Rules – that way you’ll have to be explicit about what to allow, but won’t have to worry about a new table unexpectedly being accessible.
- For your last question, “Download as CSV” and “Download as XLSX” options export what the user sees in the view being downloaded.
The Excel export comes filled with tabs called Sheets… my export had Sheet 1 through 11.
Which is really weird, because no tables have that such names. It is as if Excel is exporting tables AND views? Not sure yet.
At principle, it seems Excel was exporting the views, not the table.
By looking at the content, it seems Sheet6 was a table called Users. Then I found an error in the permission there.
- I recommend adding a “Deny All” rule for non-owners in the “Default Rules” section of Access Rules – that way you’ll have to be explicit about what to allow, but won’t have to worry about a new table unexpectedly being accessible.
Hmmm… problem is that I would be afraid of blocking some content that users must be seen, specially when it’s a reference in a table he DOES see.
Like the user emails. I blocked the table for non owners… but they should be able to see their own in the company table, where they have permission only for their own. They are seeing apparently, which I thought they wouldn´t… because the other table is blocked. It’s quite confusing
Besides Grist not blocking downloading the Excel data, it also doesn´t make any effort to block a user from downloading the .grist file.
we know a savvy user can make a lot of things. Still, simply adding Special ACL rules for Downloading Data and Downloading the Document would be VERY important.
Like only allowing owners to download data and document. Or allowing editors to download data but only owners to download the document.
I agree. Until a special option exists, there is currently a workaround for downloading the .grist file: add ANY view restriction on the document in Access Rules – for example, a dummy table that’s not shown anywhere, and a rule that denies access to it except for OWNERs. Then only OWNERs will be able to download the full document.
1 Like