How to Protect Your Airtable Base from Duplication and Data Theft
Once your Airtable base holds something valuable - client data, proprietary logic, a product catalogue, years of research - the question of who can copy it becomes important.
The default situation is uncomfortable: anyone you give access to can likely duplicate or export your data. Airtable is built for collaboration, not for locking things down. But there are several layers of protection you can configure, and combining them makes meaningful data theft significantly harder.
Here is what actually works, in order of impact.
1. Understand What Each Role Can Actually Do
The risk varies significantly by role. Before changing any settings, it helps to know what each built-in role allows.
Owner and Creator - Full control. Can change the base structure, manage collaborators, and duplicate the base. Only give these roles to people you fully trust.
Editor - Can add, edit, and delete records. Cannot change fields or base structure. Can view and export all data including downloading CSVs of any table.
Commenter - Can view records and leave comments. Cannot edit data. Can still see everything visible to them.
Read-only - View only. Cannot make changes. However, by default, a read-only collaborator can still duplicate the entire base into their own Airtable workspace, taking all your tables, fields, and records with them.
The key point is that even the most restricted built-in role does not prevent data copying if someone has access to the base itself. The settings below address this.
For a full walkthrough of how to manage roles and where the settings live, see How to See and Manage User Permissions in Airtable.
2. Disable "Allow Viewers to Copy Data"
This is the most direct protection against base duplication and takes 30 seconds to enable.
When you share a base, Airtable includes an option that lets viewers copy the base into their own workspace. It is on by default. You can turn it off.
-
Open your base and click the Share button in the top-right corner
-
In the sharing panel, find the share link section
-
Click Edit link settings or the gear icon next to the link
-
Find Allow viewers to copy the data in this base and uncheck it
-
Save
You can do the same for individual view share links. Each view's share settings has the same copy-disable option.
This removes the "Duplicate base" button for viewers. It stops casual copying. It does not stop someone determined from manually selecting and copying records, or using developer tools - but it removes the easiest route.
3. Share Interfaces Instead of the Base
Interfaces are the most effective native protection Airtable offers. When you share an interface, the person you share it with sees only the interface - not the underlying tables, fields, or base structure.
An interface-only collaborator cannot:
- See the raw table data or field configurations
- Duplicate the base
- Export or download records
They can only interact with what you have chosen to show them in the interface layout.
To share an interface without giving base access, invite collaborators directly from the interface editor's Share menu rather than from the base Share button. This is fundamentally different from adding someone as a base collaborator.
This is the right approach for clients, external partners, and anyone who needs to see data but should not touch the underlying base. For guidance on the different ways to share interfaces and what each option costs, see 6 Ways to Share Airtable Interfaces with Clients.
4. Use Field and Table Editing Permissions
Field and table editing permissions let Owners and Creators control who can make changes to specific fields or tables, independent of the collaborator's overall base role. This is available on Team, Business, and Enterprise Scale plans.
Important: field and table editing permissions control who can edit - they do not hide data from view. Someone with read-only permissions on a field can still see its values; they just cannot change them.
Setting field editing permissions
-
Open the table containing the field you want to restrict
-
Click the arrow icon to the right of the field name
-
Click Edit field permissions
-
Click the arrow next to "Who can edit values in this field?"
-
Select the permission level you want
You can restrict editing to Owners only, Owners and Creators, or leave it open to all collaborators with edit access.
Setting table editing permissions
Table permissions let you control who can create and delete records in a specific table, separate from their overall base role.
-
Click the arrow icon to the right of the table name tab
-
Click Edit table permissions
-
Configure who can create records and who can delete records
This is useful for protecting audit tables, log tables, or any table where records should only be created by automations rather than manually by users.
Anyone with Creator or Owner base permissions can configure or remove these restrictions. If you want to review which fields have had permissions changed, the field manager tool (available on paid plans) shows this across all fields in a table.
5. Use Legal Protection for Contractors and Developers
When you give base access to a contractor, freelancer, or developer, technical restrictions alone are not enough. Someone with Creator access can duplicate your base before you revoke their access, and all the settings above become irrelevant.
Non-disclosure agreements and contracts with clear data ownership clauses create legal accountability on top of the technical measures. They define who owns the base structure and data, and what the consequences are if someone misuses it.
This matters most when bringing in external developers who need full Creator access to build or modify your base. Have the NDA signed before sharing any credentials or access.
For related reading on managing access as your base and team grow, see How to See and Manage User Permissions in Airtable and Best Practices for Sharing Complex Airtable Bases Securely.