A security filter is an optional Yes/No expression that is evaluated for each row in a table. For steps to configure security filters, see Security filters: The Essentials .
When you use security filters, you typically use the user's email address, and possibly other data values, to limit the data shown to the app user, as follows:
- Require user sign-in . After a user signs in, AppSheet knows the user's email address. You can then use the user's email address to filter the data shown to that user.
- Include a field in each record that identifies the owner of the record. Typically this field contains the owner's email address. When adding a new record to a table, you can use the
USEREMAIL()function in that field's Initial Value property to initialize it with the user's email address. See Define app formulas and initial values .
To limit access by user email:
[EmailColumn] = USEREMAIL()
To limit access by user email domain:
CONTAINS(USEREMAIL(), [EmailDomainColumn])
To limit access by user email but allow any manager to have access, create a Managers
table that contains the email addresses of all managers. Then specify a security filter like:
OR(IN(USEREMAIL(), Managers[Email]), USEREMAIL() = [EmailColumn])
To filter based on the Department
name contained in the Employees
table. The security filter would be:
IN(LOOKUP(USEREMAIL(), Employees, Email, Department), LIST("Payroll","Personnel"))
To filter the Customers
table so that each sales representative sees only their own customers. If you have a separate CustomersToReps
lookup table having columns CustomerId
and SalesRepEmail
, the security filter for the Customers
table would be:
IN([CustomerId], SELECT(CustomersToReps[CustomerId], [SalesRepEmail] = USEREMAIL()))
