How Secure Is This Idea?

Hello and thank you for looking! Please give me your opinion on this.

I need to make a page that is separate from the app where I can log into and see
users’ name, address, and email. I do not want to just use the database due to I need to add
checkmarks and other non personal info next to user’s info.

If I make the page not linked to my app by any buttons or links (you must know the url) and a popup with an input box for the passwords, is this secure? Meaning, you only see the popup at first with the two inputs for the passwords and once entered, the popup hides and I can see the names/emails, etc.

If this is not secure, please lead me to a secure way to do this. Thank you in advance!

  1. Your page can be found
  2. A popup can just be hidden by the user, it’s not secure.

You need an option set called ‘User Role’. This should, depending on your app, just contain Standard and Admin.

Set your admin user’s User Role to Admin.

Configure privacy rules that allow the data to be seen Only when Current User’s User Role is Admin.

On the admin page, have a page load workflow with a condition that takes the user away when their User Role <> Admin.

Privacy rules stop the user’s data being exposed to people who shouldn’t have it. The page load workflow stops them being able to see the admin panel (though it is wise to make sure the admin panel UI is only visible when Current User’s User Role = Admin, as a user can often cancel the redirect)

Thank you very much for your time and info!