You may wish to limit access to particular columns in an iSheet for certain user groups. Custom permissions may be configured for columns if permissions are enabled on the iSheet to which they belong. Once permissions are enabled and configured on the iSheet (see iSheet permissions), permissions may be configured on columns by navigating to the iSheet admin page (Admin > Module settings > iSheets), and selecting More actions > Manage columns.
Edit permissions on a column by clicking More actions and selecting Edit permissions:
By default, every column inherits the permission settings of the iSheet to which it belongs and has Inherit iSheet permission enabled:
To set custom permissions for the column, disable Inherit iSheet permission by unticking the checkbox. A table of groups and permission settings will appear:
You may apply custom permissions for each group by unticking the appropriate checkboxes for View and Edit. Click Save to save the permission changes.
A group cannot be granted more access to a column than the access permissions applied for the group on the iSheet itself. In the example above, neither "Client 2" or "Client 3" have edit permissions to the iSheet, and therefore cannot be granted edit rights to the column. Another group, "Client 5", has no access to the iSheet and as such does not appear in the permissions matrix for this column at all.
For reference, here are the permissions assigned to this iSheet that determine the default permissions inherited by this column as they appear in the screenshot above:
Column view and edit permissions
At the column level, permissions are limited to View and Edit. Edit rights grant users in a group access to both view and modify the value of the column, whereas View rights limit a user to viewing the column value. If neither View nor Edit rights are granted to a group of users, the column will not be visible to the user at all in any iSheet table views or item windows.
In the example above, custom permissions are set on the "Expiration Date" column.
- "Client 1" is a group that has Edit rights to the iSheet, but only View rights to this column.
- Therefore users in the "Client 1" group can create new items in the iSheet but cannot set the value of the "Expiration Date" column.
In such cases, it may be helpful to set a default value for the column.
- Even though "Expiration Date" is a mandatory column, users in the "Client 1" group are exempted from this requirement as they do not have permissions to set the value for the column.
- In the Add item window, users in groups who have access to add and edit items but only view access to a particular column, such as "Client 1" users, will see that column name ("Expiration Date"), but not the entry form field:
- Similarly, in the Edit item window, the column name ("Expiration Date") appears along with any value entered by a user with permissions to edit the column. However, the user in "Client 1" cannot modify the value. If the column value were blank, only the name of the column would appear.
- In the column permission example above, members of "Client 3" and "Client 4" have no access to view the "Expiration Date" column.
Restricting view access to a column means that the column will not appear for that group in any of the following:
- Any view of the iSheet, even if the view includes the column and the group has access to the view.
- The iSheet add, edit and view windows.
- The iSheet search form.
A column cannot be searched by any group that does not have at least view access to the column.
Column permission inheritance
You may need to consider how modifying permissions at the iSheet level can impact columns with custom permission settings. For example, if access to the iSheet was removed entirely for the "Client 1" group, users in that group would no longer have any access to the column, despite any column permissions granted previously when inheritance was 'broken' and custom permissions applied.
Alternatively, if "Client 1" had no access permissions to the iSheet (or the group did not exist when the iSheet was created), but was subsequently granted full access view and edit permissions to the iSheet, "Client 1" would not automatically be given any rights to a column that had custom permissions (broken inheritance). Permissions on such columns would need to be manually configured as required.
Re-enabling Inherit iSheet permission will revert the column permissions back to match the permissions of the iSheet.
Conditionality and column permissions
Restricting access to a group on one column and adding a condition to a second column based on the value of the first column will not limit that group's access to the second column.
For example, certain groups cannot view the "Country" column, and the "US State" column has a condition to only display if "Country" equals "United States". The "US State" column has no permission restrictions configured, so all groups have access to and can search on the "US State" column.