Securing your app is one of the key considerations you must take into account when developing your app. In this module, we discuss how you can leverage AppSheet security architecture to implement security for your app. We first discuss the security capabilities of AppSheet and how you can use these capabilities to secure your app. You will learn how to implement access control for your app and for the data used by the app. You'll learn how to authenticate and authorize users of your app and how to use AppSheet's auditing features. Let's start with AppSheet security. In this lesson, we discuss the security features in AppSheet and how you can use them to make the apps that you create secure. The security of your app is based on AppSheet security architecture, the underlying security architecture of your Cloud data provider, and security options that you control. Let's review each of these in turn. AppSheet security architecture comprises the following, application and data access control. Application access control enables you to control who can run your application. Data access control enables you to control the set of data that is accessible to app users. Authentication and authorization enables you to reliably identify users of your application and validate that they are who they say they are. It also determines the functions they can perform in the app and the data they can manage based on their role and permissions. Auditing enables you to monitor the use of your app. We'll review each of these capabilities in subsequent videos in this module. Your Cloud data provider security architecture manages access to your data files that are used by your AppSheet apps. Data that is used by your app is stored in your Cloud data provider system. For example, this could be on Google Drive, Google Cloud Platform, Dropbox, Box, Smartsheet, Office 365, etc. AppSheet does not store your app's data. You manage the permissions of your data files using your Cloud data providers access control mechanisms. You can grant or deny access to your data files to other AppSheet users by setting the correct sharing permissions on those files. It is preferred and recommended for users of your app to not have direct access to the app's data files that are stored with your Cloud data provider. The Cloud provider permissions or sharing settings on the data files determines who has access to the files and with what level of access, view only, read, write. In some scenarios, apps are built from data sources like spreadsheets that are also shared with other users outside of AppSheet. In this case, the sheet should be an exclusive data source just for the app. You use the permissions that you set for each table used in your app to control end user access to the app's data. Based on these settings, an app user may be able to add, edit, or delete data in the app's tables via the app. Data synchronization. When an app user adds, updates, or deletes data via your AppSheet app running on their mobile device, all changes are saved to your Cloud data provider. For example, submitting a form in an app will add a row to a connected Google Sheet. The AppSheet Cloud service acts as an intermediary to connect the mobile app with the Cloud data provider used by your app. Communication between the mobile device and the AppSheet Cloud Service uses the HTTPS secure web protocol. Communication between the AppSheet Cloud service and your Cloud storage provider also uses the secure HTTPS web protocol. The apps that you create are saved as application definitions that are maintained by AppSheet in a separate secure Cloud database. The AppSheet Cloud service acquires permissions to act on behalf of the app creator or app user to read and write your app's data to and from your Cloud data provider using OAuth tokens. These permissions are only used for the specific purposes of app creation and app execution. Also because of the way the OAuth protocol works, you can decide at any time to disable the access permissions granted to AppSheet. The application definition and all the necessary data are copied to the mobile device and securely stored locally on the device using HTML 5 local storage. As the app creator you control end user access to the app's data using the permissions that you set for each table or slice used in your app. Let's review how you can set a tables permissions in AppSheet. Navigate to the Data Tables tab or the Data Slices tab in the AppSheet editor. Expand the table or slice configuration, for example, the Product Categories table shown here. Select the Update mode that allows your app user to update and delete rows in the table. If none of these modes is allowed, select the Read Only mode. Save your changes. Let's review the options that you can set to control user access to your app. Controlling who has access to your app is a three-step process. First, you must enable the Require user sign-in option. Enabling this option will require app users to sign in to your app before being able to use it. Choose an authentication provider. AppSheet supports many authentication providers, including Google, Microsoft, and Apple. Specify which users or email domains can use your application. We will discuss these steps in more detail in the authentication and authorization topic later in this module. As the app creator, you can also control access to specific data via the app by user classes. For example, you may want certain classes or groups of users to only have access to view specific subsets of data and other users to access different sets of data. You can implement this in AppSheet using slicers or using security filters. We discussed slices in an earlier module in this course and we discuss how to implement this use case later in this module.
