When you use visibility conditions or design a screen to show some data but not other data, your app still downloads whatever data it can for the corresponding sheet, even if it is not displayed in your app. It is relatively straightforward to inspect this data with common tools such as your browser's developer console, so you should not rely on hiding information to keep it secure.
Use visibility conditions to customize the display of data that all users should be able to access. For example, use filtering to create a Managers tab in an employee directory, since the manager profiles are already accessible to all employees in the main directory.
Use visibility conditions together with security features such as Row Owners to securely control which data users can access, and how the data is displayed.
In an Employee Directory, there is a tab called 'Managers'. This tab uses a filter to show only employees where the
Is Manager Label column contains 'Manager'.
In this case, it's ok to use the filter condition as we're already displaying the filtered out information (employees) elsewhere in our app.
In the app below we're showing a component with each employee's social security number on it. We're using conditional visibility to only show this component when the logged-in user is an admin. This is not a secure way of displaying data to Admins as the social security number will still be downloaded by the app, even when it's not visible.
In the app below we have a tab for Employee Feedback which contains private submissions from employees to management. You can see we've applied a Tab Visibility condition to only show this tab when the logged in user is a manager.
This is not a secure way of displaying data to managers as the data in this tab will still be downloaded by the app – even if it's not visible to the user.
In the Employee Directory below we have a table with private information in it without Row Owners applied.
We've then created a new tab with a Details layout and filtered that tab to only show items where the email column matches the signed-in user's email. This will show the user only their Row.
However, this is not a secure way of displaying a user their private profile information. Even though they can't see other user's profiles, the other user rows are still downloaded.