This topic refers to functionality that is only available to accounts on the Business-level or above plans. If you do not see the functionality described here, either your account or realm has not been configured to show it, or your account is not on one of those plans.
Quickbase provides several security policy options on the Policy page in the Admin Console. Realm admins may view and turn on these policies to help meet the security needs of their organizations.
Managing security policies for your realm
On the My Apps page, click Manage name_of_realm, and then click Policies.
Change or edit security policies in the Security policies section of the page.
Click Save at the top of the Policies page.
Prevent embedding in iframes
When checked, iframes embedding Quickbase pages (such as reports, forms, home pages, and custom code pages) from this realm display as blank. This applies whether the iframe is attempting to display an embedded view of an app on the quickbase.com domain, or on an external website.
Prevent external redirects
When checked, any redirects within formula fields or links are ignored if they are pointing to locations outside the quickbase.com domain. For instance, if you have a formula field set to add a new record and then send users to example.com, this redirect would be ignored.
Review the following table for more information on which type of links are affected.
|Type of link||Example URL Formula||Affected?||What will happen with the setting turned on?||Why?|
|Single link on the quickbase.com domain||
||No||Will work normally||This is an internal link, which does not contain a redirect|
|Single link outside the quickbase.com domain||
||No||Will work normally||This is an external link, but it does not contain a redirect.|
|Link on the quickbase.com domain, then redirect to a second link on the quickbase.com domain||
||No||Will work normally||This link does contain a redirect, but it redirects to a page on the quickbase.com domain.|
|Link on the quickbase.com domain, then redirect to a link outside the quickbase.com domain||
||Yes||The new record is added, then the standard XML response page is displayed.||This link contains a redirect, and the page it redirects to is external to quickbase.com|
|Link outside the quickbase.com domain, then redirect to another link outside the quickbase.com domain||
||Yes||The home page of
||This link contains a redirect, and the page it redirects to is external to quickbase.com|
You can also opt to prevent most redirects, but allow certain approved sites. When you select Ignore redirects to sites outside quickbase.com,an Allow redirects to these sites box appears. Enter a comma-separated list of hostnames in this box using the example.com,example.org format without including www. or http://
*Tip: Verify your hostnames when you enter them and do not enter www. or http://
Choose if and how users can create apps with the two options:
Allow users to create apps
Allow users to access Quickbase Exchange
By default, both of these boxes are checked.
If you deselect Allow users to create apps, the Create new app button on the My Apps page will be hidden for all users.
If you deselect Allow users to access Quickbase Exchange, the button Explore sample apps will be hidden from the My Apps page. If users try to visit Quickbase Exchange using a different method, the will see a message that they do not have access to the page.
Control new users
When Only account and realm admins can create new users is checked, app admins will not be able to invite users who do not already exist in the Quickbase account to their apps. App admins will need to work with realm admins to add new users to the account. For more information on adding new users, see the Adding users to a realm help article.
Prevent offline mobile usage
When checked, users cannot use offline features on mobile.
(For Enterprise plans only) Choose how you would like to store new user tokens:
Encrypted but visible to owner: New user tokens will continue to be visible in the UI after initial creation
Hashed and permanently hidden after initial creation: User tokens will only be visible when they are created. After that, they will not be shown in the UI and will be hashed in the Quickbase database. Users who create tokens must save them and store them securely for future use.
When you create a user token, you assign it to an app. This policy allows you to enter the number of apps that can be assigned a single user token. If left blank, it defaults to 20.
Security options in apps
Note: This policy is only available for customers on an Enterprise plan.
When checked, app admins can modify app security options found on the App properties page. These options include:
Allow users who are not administrators to copy
Allow users who are not administrators to export data
Hide from public application searches
Only "approved" users may access this application
Only users logged in from "approved" IP addresses may access this application
When unchecked, these security options will be inactive for app admins, and they will see the text, "App admins may not change these options. For help, please contact your realm admin."