Column permissions

You may wish to limit access to particular columns in an iSheet for certain user groups. Custom permissions may be configured for columns if permissions are enabled on the iSheet to which they belong. Once permissions are enabled and configured on the iSheet (see iSheet permissions), permissions may be configured on columns in the iSheet admin page: select
Admin
>
Module settings
>
iSheets
, then
More actions
>
Manage columns
.
Edit permissions on a column by clicking
More actions
and selecting
Edit permissions
:
By default, every column inherits the permission settings of the iSheet to which it belongs and has
Inherit iSheet permission
enabled.
To set custom permissions for the column, disable
Inherit iSheet permission
by unticking the checkbox. A table of groups with their View and Edit permission level settings.
You may apply custom permissions for each group by unticking the appropriate checkboxes for
View
and
Edit
. Select
Save
to save the permission changes.

Column view and edit permissions

At the column level, permissions are limited to
View
and
Edit
.
Edit
rights grant users in a group access to both view and modify the value of the column, whereas
View
rights limit a user to viewing the column value. If neither
View
nor
Edit
rights are granted to a group of users, the column will not be visible to the user at all in any iSheet table views or item windows.
In the example above, custom permissions are set on the 'Expiration Date' column.
  • 'Client 1' is a group that has
    Edit
    rights to the iSheet, but only
    View
    rights to this column.
  • Therefore users in the 'Client 1' group can create new items in the iSheet but cannot set the value of the 'Expiration Date' column.
  • Even though 'Expiration Date' is a mandatory column, users in the 'Client 1' group are exempted from this requirement as they do not have permissions to set the value for the column.
  • In the
    Add item
    window, users in groups who have access to add and edit items but only view access to a particular column, such as 'Client 1' users, will see that column name ('Expiration Date'), but not the entry form field:
  • Similarly, in the
    Edit item
    window, the column name ('Expiration Date') appears along with any value entered by a user with permissions to edit the column. However, the user in 'Client 1' cannot modify the value. If the column value were blank, only the name of the column would appear.
  • In the column permission example above, members of 'Client 3' and 'Client 4' have no access to view the 'Expiration Date' column.
Restricting view access to a column means that the column will not appear for that group in any of the following:
  • Any view of the iSheet, even if the view includes the column and the group has access to the view.
  • The iSheet add, edit and view windows.
  • The iSheet search form.

Column permission inheritance

You may need to consider how modifying permissions at the iSheet level can impact columns with custom permission settings. For example, if access to the iSheet were removed entirely for the 'Client 1' group, users in that group would no longer have access to the column, despite any column permissions granted previously when inheritance was 'broken' and custom permissions applied.
Alternatively, if 'Client 1' had no access permissions to the iSheet (or the group did not exist when the iSheet was created), but was subsequently granted full access view and edit permissions to the iSheet, 'Client 1' would not automatically be given any rights to a column that had custom permissions (broken inheritance). Permissions on such columns would need to be manually configured as required.

Conditionality and column permissions

Restricting access to a group on one column and adding a condition to a second column based on the value of the first column will not limit that group's access to the second column.
For example, certain groups cannot view the 'Country' column, and the 'US State' column has a condition to display only if 'Country' equals 'United States'. The 'US State' column has no permission restrictions configured, so all groups have access to and can search on the 'US State' column.

Related Content