How to not download hidden columns and login as an end user

halil · July 10, 2024, 10:33am

we need ids of objects, but for end user he or she does not need to see them, when they download the result, they get hidden columns too.

is it possible to impede that?
is it possible to log in as an end user to check whether some certain user is not able to access the data?

bobthebear · July 10, 2024, 3:01pm

when you say 'end-user' are you refering to the Retool defined 'end-user'? as in, a member of an org who has not built/edited an app or workflow during the current billing period?

on the Team plan I think the only thing you can do is try and use are:

config vars. these values are based on the env (like passwords for dev/prod env)
env vars
Secret Managers like aws and vault. on the Enterprise plan you can also use source control to protect apps, resources, queries and workflows

the easiest ways are with the Business or Enterprise plans. depending on if you want to:

hide/disable components by:
- using {{ current_user }} or with SSO and JWT tokens in {{ current_user.metadata }}. html and data can still be generated for components on the client side.
- using permissions for
restrict access (html and data can still be generated for components on the client side):
- to apps and workflows
- to specific data with:
  - permission groups [docs / guide] and/or Spaces [enterprise only - docs / guide]
  - row-level security implemented in your Retool DB resources and queries
    - access {{ current_user }} anywhere you can use JS
    - the Enterprise plan using a SSO and JWT tokens stored in {{ current_user.metadata.[idToken | accessToken] }}.
  - User Attributes[docs / guide]
- based on custom authentication or IDPs(Embed web apps | Retool Docs) with {{ current_user.metadata }}

halil · July 12, 2024, 9:10am

hi @bobthebear,

end user has only view access, no right to change anything.

in our apps end-user does not see the ids, which is assigned automatically in DB. in our queries we are getting it for other reason. in result table we are hiding them. but when the user downloads the table, the user gets hidden columns too. we want to only let the user to download what the user sees.
we are using container to use tab to show the datas. sometimes we want to let the end-user to able to see only some tabs, not whole page. in this case we create a limited group to show only some tabs. in this situation we need to cross check, wheter the end-use is able to access whole page or some certain determined tabs.

Tess · July 12, 2024, 5:44pm

Hi @halil,

Do you have "include hidden columns" checked on in the download event handler? It is on by default, but it can be un-checked:

halil · July 15, 2024, 11:22am

many thanks Tess.
i was using the following one, that is why i did not see that option.

bobthebear · July 15, 2024, 1:49pm

aaannnnddd there's my weekly lesson about a button I never noticed! thanks @Tess!