Google Sheets integration - Is Retool able to keep our data safe?


We’re interested in using Retool to build a dashboard that will let our customers visualize the results of some calculations that are happening within a Google Sheets file.

Within this file, we have a bunch of raw values on tab A, and then another tab B which contains some formulas that take the raw values from tab A as input and outputs some results.

What we’d like to do is to fetch the results of the calculations from tab B, and then display those on a variety of charts in Retool.

The main requirement is that we need to make sure that our customers should only be able to access the results of the calculations, from only very specific cells within the file.

Thus, we want to make sure that they won’t be able to access the “raw” values on tab A, as well as the actual formulas used to generate the results on tab B. And that, even if end-users (not standard Retool users) try to “hack” around the app.

Could you please confirm with me if Retool is sufficiently safe for our use case?

Thank you

(Putting this topic back at the top)

@Val0 thanks for asking and thanks for your patience. In general, you can configure your Retool app to do specific functionality, like query a specified Google Sheets tab and cell range, and the app/end users will only be able to do what the app is configured to do. So configuring those specific actions in your Retool app will be important. See more below on scoping both functionality and permissions.

:thinking: Setting specific cells/ranges could be done! You can use A1 notation: When creating a query using a Google Sheets resource, click Use A1 notation

and then you'll see this, including link to google documentation for more examples:

@jocen gave an example of A1 notation recently here: Creating a search bar in a mobile app from Google Sheet data - #15 by jocen

There's a semi-related doc on row-level security, which was intended for SQL databases but maybe something like this could be done in Google Sheets as well?

You could also consider using IMPORTRANGE to store the calculated data in an entirely different spreadsheet and then limit Retool's access to the source data via whatever method you're using for authentication.

For locking down permissions, on the Business or Enterprise plan you can configure user group permissions.

Hope this at least points you in a good direction! I welcome any other community members' thoughts and suggestions as well :slight_smile: cc @jocen @minijohn @stefancvrkotic just in case, as I've seen you chime in on Google Sheets Retool integration questions in the forum before