Have the ability to specify read/write permissions on the field level

cj · September 18, 2019, 3:31pm

Hi,

It would be great to have the ability to specify read/write permissions on the field level. That way someone can’t see all your models fields by simply looking at the schema; plus it would be really nice to have private fields that only x roles can see, it would open up the possibilities even more with DATOcms!

thimovss · September 18, 2019, 3:32pm

For our use case we require to be able to specify CRUD permissions on field level. Some fields shouldn’t be visible for certain roles, some roles can see certain fields but not edit them, etc. So we either require to able to assign CRUD permissions based on roles, or be able to create different views for different roles. Are there plans to put this issue on the roadmap?/ What is the status of this issue?

Souljuse · November 25, 2019, 10:09am

Linked to:

roger · June 23, 2021, 8:09pm

This would be great to have!

For now, I’m just adding a “for developers only” fieldset and putting all the dangerous fields in there. There is also a Hidden Field plugin… maybe that can be extended to check user role/permissions before showing the field?

mat_jack1 · June 28, 2021, 2:20pm

Yes, the “Hide field from role” plugin normally does the job: Hide field from role - Plugins - DatoCMS

Let us know if the plugins are not enough!

roger · June 28, 2021, 5:27pm

That should be fine, thank you for the suggestion!

It’s not the safest system (anybody who knows how to edit CSS can un-hide that and change the value), but on our small & trusted team it’s probably not an issue.

mat_jack1 · July 1, 2021, 2:56pm

I completely agree, it’s just a workaround, but before adding a lot of complexity there we are trying to understand if that’s the only use case

roger · July 1, 2021, 3:11pm

One use case is to facilitate multi-role editor environments. For example one person might draft the initial article, another person might fill out the SEO fields, a dev might add some arbitrary JSON into a secret field, and then a reviewer would review & publish all of it.

Or, another use case is that maybe we don’t want the slug (or some other unique ID) to be changeable after creation by anyone except devs & admins (not sure if that’s possible… i.e. if there’s a difference between a model entry creation vs field update).

But the workaround should suffice for now. Thanks!

mat_jack1 · July 2, 2021, 9:54am

yes, with the plugin you should be able to hide the fields from the specific roles.

Regarding the ability of hiding a field after the creation you might be able to implement that with a plugin!