Making a field searchable ( in the privacy settings) decreases the level of security?

Can somebody explain me the difference between “this user can view” a data field or “find this in searches”, in the privacy rules?

I mean, if a field is visible, making it also searchable decreases the level of security?

Thanks!

These are two different concepts.

Findable in searches means the object will show up in search results. An object being represented as an ID in the database But the fields will only be visible if you make them visible.

2 Likes

@emmanuel is it safe to expose the ID of a user in the database by enabling find in searches for everyone, but have all fields unticked/hidden?
Basically I am creating a workflow to add a user to a team but that user needs to be found by their the user entering their email address, then it adding the result of doing a search on the user database for the first item with that email.

I dont want to expose any data, but an Id seems OK.

Ideally if you can avoid showing IDs it’s better, so you can use an API workflow and run it ignoring privacy rules. That’s a safer approach.

1 Like

Hmmm, its super tricky to figure this one out, because I have all fields hidden, but the workflow i run should be putting the user in the list of users that has privacy permission to view certain data, however the data is still being hidden on the frontend. When i disable privacy rules, the data appears.

So workflows ran by the user ignore privacy rules for all users correct?

If you check the right box at the API workflow level, yes.

1 Like

Checkbox as in at the Privacy rules level?
How would I do that without checking it for the everyone access?

I’m confused as to where this checkbox is? My app doesn’t expose the API endpoints, just uses the standard workflow functions

The box in at the schedule API workflow action level.

2 Likes

Hmm, its not a scheduled workflow though, its ran at the time of a button clicked (not out in time).

Are you able to please advise on the other post I just tagged you in please? I am trying an alternate approach, but I think there is something getting stuck in privacy rules

I suggested you to use a scheduled API workflow.

1 Like

Ok, so I have set up the API workflow with correct parameters. I have the ignore privacy rules ticked on the workflow and action, and the workflow works correctly when I test it by adding the current user to the current users team, but when I try to run it to add another user in the database to the team, it doesn’t work/doesnt add them to the team or return any results/error. Its like its ignoring the checkbox that says ignore privacy rules - please tell me where I am going wrong here.

Ok, so I have set up the API workflow with correct parameters. I have the ignore privacy rules ticked on the workflow and action, and the workflow works correctly when I test it by adding the current user to the current users team, but when I try to run it to add another user in the database to the team, it doesn’t work/doesnt add them to the team or return any results/error. Its like its ignoring the checkbox that says ignore privacy rules - please tell me where I am going wrong here.

Finally I have figured it out! That was a lot of effort. Thanks

What was the final solution here?