Appearance vs. security
Visibility conditions, hidden tabs, and removed components are not security features—they are merely changes that impact how different users see your app. Do not rely on these changes for your app's security.
When you use visibility conditions or design a screen to show some data but not other data, your app still downloads all the data available to it for the corresponding sheet, even if users can't see it. It is relatively straightforward for someone to inspect this data with common tools such as your browser's developer console, so you shouldn't rely on hiding information to keep it secure.
Use visibility conditions to customize the display of data that all users should be able to access. For example, use filtering to create a Managers tab in an employee directory, since the manager profiles are already accessible to all employees in the main directory.
Use visibility conditions together with security features such as Row Owners to securely control what data users can access, and how the data is displayed.
In the app below, we have two Choice and Image components. Each image is visible or hidden depending on the delivery status. The data here is not private, it's purely informational, so it's safe to use conditional visibility.
In an Inventory app, there is a tab named 'Products.' This tab uses a filter to show only the products for which the
Low Quantity column is not checked.
In this case, it's ok to use the filter condition as we're already displaying the filtered-out information (products) elsewhere in our app.
The app below shows a component with each employee's yearly performance on it. It's using conditional visibility to only show this component when the user who's logged in is an admin.
This is not a secure way of displaying data to admins as the yearly performance statics will still be downloaded by the app, even when it's not visible on the screen.
The app below has a tab for company reports, which contains private financial data. You can see that there's a Tab Visibility condition to only show this tab when the user who's logged in is the CEO.
This is not a secure way of displaying data to managers as the data in this tab will still be downloaded by the app, even if it's not visible to users other than the CEO.
The app below has a table with private information in it without Row Owners applied.
There's a new tab with a Details layout and filtered that tab to only show items where the email column matches the signed-in user's email. This will show the user the data from only their Row.
However, this is not a secure way of displaying a user their private profile information. Even though they can't see other users' profiles, the other user rows are still downloaded.