Data security issue with Inline Filters

Hi gang… at the moment Inline Filters aren’t filtered by Conditional Filters. It’s a big problem for us, because users see information in the filters that they aren’t entitled to. So not just a functional issue, but a data security flaw.

Does anyone have a practical workaround which doesn’t introduce static structures (like Airtable views)?

Is there a plan to fix these issues?

Many thanks

Hi,
At first glance, this is not a data security issue => it is possible to do so by using global data restrictions (the “view” option will be be enough, accessible within all pricing plans).

Feel free to check the Softr Docs about it: Global data restrictions – Softr Help Docs

1 Like

Hi Matthieu,

Thanks for taking the time. Agreed, Global Data Restrictions help with the data security angle.

The main problem we have is that the inline filters are not filtering by the conditional filter. So a user is seeing options in the inline filter for records which have been filtered from the table.

Take a simple example of a table of Projects, which are maybe marked as Live or Complete. The table would have a conditional filter on Live Projects, but the Inline filter shows all projects, including (maybe hundreds) of Completed ones.

Are you aware of a workaround to this?

Thanks

(It would also be nice to have default settings on Inline filters, so the table is pre-Inline-filtered by a default setting, maybe taken from an AirTable record attribute).

This might (might) be solved by the upcoming feature called Dropdown option filtering.

Thanks Mattieu… It looks like it’s in the right ballpark, doesn’t it?

It seems like it’s being tied into user and page level attributes, rather than the Conditional Filters… I wonder if they’re open to influencing on this?!

@artur can you help here? Can we input to the use cases for Dropdown Option Filtering?

@NikW we do plan to add filtering logic to the inline filter dropdowns

Can you share what’s the field type in your DB that you map into inline filters ?

If it’s linked record then Global data restriction should solve if not then you might either wait for the feature or turn into linked record and work with it…

Blocks conditional filters currently doesn’t filter inline filters but only the data.

Hi @artur

The most common field type we filter on are linked records (e.g. Show projects for this client, for this event, for this country), but I don’ think Global Data Restrictions helps.

Global Data Restrictions are perfect for restrictions based on user attributes, which apply across the whole site. They’re not helpful for filters which are not based on user attributes and not applicable to the whole site.

For example, a page for a specific sports event will only show table entries for that event (conditional filter), so the inline filters should only show options for that specific event.

Another example, a page for Live projects will have this in the conditional filter, but the inline filters will still show all the Completed projects. These are not related to the user, and not applicable to the site, so I don’t see how Global Data Restrictions can help - maybe I’m missing something?

It would be great to see a solution where there is a toggle switch so the inline filters (and any actions buttons with drop downs) can ‘inherit’ the conditional filters. Even better if the inline filter can sync on Lookup fields :grinning: