User access to module items and item data is defined by a combination of various settings. The data can be restricted on several access levels which can be presented hierarchically.
The hierarchical levels of access are:
Level | Details | Configuration |
---|---|---|
1 | This access level defines what the user can do with any item in the module: Read, Edit, Delete, Upload (Create New), Download, Log, Export, Version Control. See more about Access Rights | Site Configuration > User Settings > Access Rights |
2 | • by Group: User Group defines which items a user can access in the module. See more about User Groups | Site Configuration > User Settings > Groups; Site Configuration > {Module} > Settings > Groups |
2 | • by Status: Read, Edit, Upload (Create New) permissions granted by user's Access Right can be modified for particular item's Status. See more about Workflow Status | Site Configuration > {Module} > Workflow > Status |
3 | Defines the security level of access to particular fields in the item: READ, EDIT, NONE. This access is granted according to a combination of settings: View, View in Edit, Edit. See more about Field Access | Site Configuration > {Module} > Field Usage > Display |
4 | A field template defines the custom set of the field to be visible in the corresponding UI area such as: See more about Field Templates. For version 15, see also Item Views | Site Configuration > {Module} > Field Templates; Site Configuration > {Module} > Field Usage > Templates; Configured in Item Views starting from version 15 |
5 | File field might have several Media Holders. Access to each of them can be granted separately by enabling Download functionality. See more about Media Holders | Site Configuration > {Module} > Media File Holder |
The user can read or edit the data depending on the combination of Module Access, Field Access, and Field Visibility. Each access level requires all the previous levels to be granted; otherwise the field is blocked for the user.
Examples:
✔️ To see the field in the Item Info Sheet, the user must have the following access:
- "Read" access to the module
- Field security "READ" ("View" or "View in Edit" usage enabled for the field)
- The field included in the field template assigned to the active Menu element

✔️ To edit the field in the Item Info Sheet, the user must have the following access:
- "Read" + "Edit" access to the module
- Field access "EDIT" ("View" + "Edit" usages enabled for the field)
- The field included in the field template assigned to the active Menu element

✔️ To hide the field in the Item Info Sheet, do one of the following:
- Set field access "NONE" (both "View" and "View in Edit" usages are disabled)
- Exclude the field from the field template assigned to the active Menu element

✔️ To be able to upload/download files in the Item Info Sheet, the user must have:
- "Read" + "Edit" + "Download" access to the module
- File field access "EDIT" ("View" + "Edit" usages enabled for the field)
- The File field included in the field template assigned to the active Menu element
- "Download" access to the original Media Holder
1. Module Access
What the user can do with module items is initially defined by the Access Right configuration.
The user must have at least "Read" access to see the items. The combination of other permissions in the Access Right sheet allows or disallows certain functions available in the module or item.
Note!
Access Right "Upload" means "Create New Item". The name remains from legacy functionality for compatibility reasons. It may be confusing, as it is not related to the ability to upload files. It only controls whether the user can create items.
2. Item Access
By default, a user who has access to the module can also see its items. However, it is possible to configure individual access permissions on each item for a particular user.
Restrict by Status
Access can be modified for each particular item using Status restrictions (by narrowing the permissions). So, the user could have one item available for editing and another read-only due to the item's current status. Also, some items can be completely restricted if the user has no "Read" access to a certain Status.
Restrict by User Group
This method fully restricts the item, so the user can't get any information about it. See more about how to configure and apply User Groups.
3. Field Access
The field in the Item Info Sheet can have different access grants for a specific user.
Field Access Level | Field Usage | Details |
---|---|---|
READ | View/View in Edit | Read-only field, user cannot modify the value but the value can be changed indirectly by other fields via automatic prefilling |
EDIT | View/View in Edit + Edit | User can modify the field content directly |
NONE | | A field is secured and not available to a user. Note that in this case, indirect mechanisms such as automatic prefilling will still work in the background |
HIDDEN | View/View in Edit Search Result | A separate case for the Module View where additional field usage "Search Result" is respected. A field can be available to the user in general but hidden on Search Result |
Note!
"View" and "View in Edit" usages in New UI are duplicates and have identical meaning (this is temporarily needed for compatibility with legacy code). They both control whether the field is accessible or blocked for a user.
4. Field Visibility
Fields can be displayed in different functional areas:
- Item Info Sheet Main Form;
- Item Info Sheet Media;
- Item Info Sheet Inline Module;
- Module View Search Result.
4.1. Info Sheet Main Form
The visibility of the field in the Main Form area is defined by a combination of templates (assuming that field access READ or EDIT is already granted). They are:
Template | Where to configure | Details |
---|---|---|
Menu Element field template | Site Configuration > {Module} > Menu Elements > Template | Assigned to a particular menu element, so it is possible to have a different set of fields on each tab |
Add Item field template | Site Configuration > {Module} > Settings > Field Template for Add Item | This template is optional and is used to initially hide fields that can then be shown by a dynamic template in the Add New Item screen |
Edit Item field template | Site Configuration > {Module} > Settings > Field Template for Edit Item | This template is optional and is used to initially hide fields that can then be shown by a dynamic template in the Edit Item screen |
Dynamic template | Site Configuration > {Module} > Field Definition > Dynamic forms | A template is assigned to a particular value of the option field and applied when the value is selected |
"Add Item" and "Edit Item" field templates work identically with the only difference that one is respected on New Item creation, and another is for editing an existing item.
Summarizing the access logic, the field can be presented in one of the four states for a particular user based on his/her Access Right:
- Editable - full access to the field, user can modify the field manually or with automatic prefilling;
- Visible - user can see the field in read-only mode, though the field can be modified indirectly with automatic prefilling;
- Hidden - user cannot see the field but modification is possible with automatic prefilling by modifying other fields;
- Disabled - the field is not loaded for a user and cannot be modified directly.
The next diagram helps you track the field state, understand why the field is available or not, and adjust the access to your needs.
To track the field state, start from the bottom of the diagram and check which factor makes the field visible, hidden or disabled.
Note that the ability to edit a field is controlled only at the Field Access (EDIT) and Module Access (Edit) levels, while the field template is used only to show or hide the field.
The next table explains the logic of how the templates are combined:
Enabled in Menu Element field template | Enabled in Add/Edit Item field template | Enabled in Dynamic template | Visibility |
---|---|---|---|
yes | yes | yes | visible |
yes | yes | no | visible |
yes | no | yes | visible if an option with dynamic template selected |
yes | no | no | hidden |
no | yes | yes | visible if an option with dynamic template selected |
no | yes | no | hidden |
no | no | yes | visible if an option with dynamic template selected |
no | no | no | hidden |
In other words:
- the field is hidden if it is not included in the Menu element template or the Add/Edit template (or both);
- an initially hidden field can be shown when an option with a dynamic template is selected (assuming that the field is included in that template).
See more about Dynamic Forms.
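The rules from the Examples list, the Field Access table and the template table above, modeled as an added example (not code from the product or its API). The function names, argument names and the sample role are hypothetical, and Item Access by Group or Status is left out:

```python
# Added illustration: models the documented rules; not the product's code or API.
# All names here (field_access, template_visible, blockers) are hypothetical.

def field_access(usages):
    """Map enabled field usages to the Field Access level (section 3)."""
    if not usages & {"View", "View in Edit"}:
        return "NONE"  # both view usages disabled
    return "EDIT" if "Edit" in usages else "READ"


def template_visible(menu, add_edit, dynamic, option_selected=False):
    """Combine the three templates as in the section 4.1 table."""
    if menu and add_edit:
        return True
    # Otherwise only a selected option with a dynamic template shows the field.
    return bool(dynamic and option_selected)


def blockers(action, rights, usages, visible, holder_download=False):
    """List unmet requirements for 'see', 'edit' or 'files' (empty = allowed)."""
    need_rights = {
        "see": {"Read"},
        "edit": {"Read", "Edit"},
        "files": {"Read", "Edit", "Download"},
    }[action]
    need_level = {"READ", "EDIT"} if action == "see" else {"EDIT"}
    missing = [f"module right {r!r}" for r in sorted(need_rights - rights)]
    level = field_access(usages)
    if level not in need_level:
        missing.append(f"field access is {level}")
    if not visible:
        missing.append("field not shown by templates")
    if action == "files" and not holder_download:
        missing.append("no Download on original Media Holder")
    return missing


# Constructed sample: a role with only "Read", on a field with View + Edit usages
# that is in the Menu Element template but not in the Edit Item template.
SAMPLE = blockers("edit", {"Read"}, {"View", "Edit"},
                  template_visible(True, False, True))

if __name__ == "__main__":
    print(SAMPLE)
```

An empty list from `blockers` means every modeled level is granted; otherwise the entries name the levels to adjust, lowest level first.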
4.2. Info Sheet Media section
The Media section can contain File fields and Multiple File fields. To make this section visible, at least one field must be available to the user (the access logic is the same as for fields in the Main Form).
In case of a File field:
- user has "Download" access right to the module;
- File field is "Editable" or "Visible";
- "Download" function is enabled for at least one Media Holder connected to the File field;
- user has "Download" access to the Media Holder in question.

In the Media section, a File field is represented as one or more related Media Holders, which have an additional access level. This is explained in detail below in the chapter Media Holder Access.
In case of a Multiple File field:
- user has "Download" access right to the module;
- Multiple File field is "Editable" or "Visible".
4.3. Info Sheet Inline Module (configured in Item Views starting from version 15)
The Inline module can be displayed on the Info Sheet if "Show Info from" option is enabled in Menu Element settings.
Note: Menu Elements are decommissioned for New UI in version 15 and replaced by Item Views
The visibility of the field in the Inline module is defined by field usage "Search Result" and the template assigned to the Inline module tab. It must be enabled in both to be visible in the Inline module.
Note that the Inline module template is applied per menu element (different templates can be used for different menu elements), while the field usage "Search Result" is common and applies to the module itself, no matter where it is displayed.
4.4. Module View Search Result
The visibility of the field in Module Search Result is controlled only by field usage "Search Result" assuming that the field access READ or EDIT was granted.
5. Media Holder Access
Each Media Holder can be in one of four states:
- Editable - user can see the Media Holder and download files. Upload is available for the Original Media Holder only;
- Visible - user can see the Media Holder and download files but not upload;
- Hidden - user cannot see the Media Holder but can have the possibility to upload or download via External API;
- Disabled - user cannot access the Media Holder at all.

The next diagram explains the Media Holder state depending on the user's "Download" access. Access to the File field works in the same way as described for the Info Sheet Main Form, so only the final field states are included in the diagram.
Note! Field security and usage settings for a specific access right are ignored for site/system administrator users.