-
Notifications
You must be signed in to change notification settings - Fork 480
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent VIEWER role to export CSV #699
Comments
@shamsmosowi @notsidney Would love to know your thoughts on this and if this will be possible? |
Hi @aritraroy, I like the idea of an access control panel, it could help with controlling access to other features as well. |
Yes, I understand it is always possible to extract the data by writing a script or through other means. But it would be impossible for non-technical users. The idea is to not make it so easy as to just download it in once click and get the entire database in one go. We are unable to use it properly and give access to it to larger team just because of this concern. |
@shamsmosowi Can this feature be considered? If not, please let me know so that I can close the issue. |
@shamsmosowi @notsidney Haven't heard back on this for a while. Closing this issue. |
Hi, this is a useful feature that we could look into in a future sprint for advanced access controls. I’m reopening this issue. |
@notsidney Sure. Any tentative timeline on when this will be available? |
Our current focus is to make it easier for users to get started with Rowy. We cannot provide any timeline on this issue. If we can, we usually include that information in the replies to issues. |
Hi @notsidney I imported { userRolesAtom,currentUserAtom } from "@src/atoms/globalScope/auth"; but it doesn't contain the user auth Level. |
Hi @notsidney |
Is your feature request related to a problem? Please describe.
Currently if I set VIEWER role and set this option - "Read-only for non-ADMIN users", the user is not able to add/edit/remove the database which is good. But the user is able to export the entire database in one go.
I understand that exporting the database as CSV can still be considered a view-only option, but its a security risk for our usecase and data. Any of the users whom we even grant VIEW only access, can download the entire database and take it with them as a CSV.
Describe the solution you'd like
As a simple solution to this, it would have been great if there was an option to disable or hide the "CSV export" option from "Access Control" panel. This would make our data much more secure as users can only view it inside Rowy and not be able to take the entire data with them in one go.
The text was updated successfully, but these errors were encountered: