Data Permissions
Required Permission
This feature requires the TEAM_ADMIN_USER_ROLES permission.
Data Permissions control what data a user can access and modify. They are configured at the collection and field level.
Collection-Level Permissions
For each Data Collection, you can control:
| Permission | Description |
|---|---|
| Create | Add new records to this collection |
| Read | View records in this collection |
| Update | Modify existing records |
| Delete | Remove records from this collection |
Configuring Collection Permissions
- Navigate to Admin → User Roles
- Click on a role
- Go to the Collections tab
- For each collection, toggle the CRUD permissions as needed
Field-Level Permissions
Within each collection, you can further restrict access to individual fields:
| Setting | Effect |
|---|---|
| Allow Read | User can see this field's value |
| Allow Update | User can modify this field's value |
| Deny Read | Field is completely hidden from user |
Default Field Access
Each collection has a Default Field Access setting:
- Sets the baseline permission for all fields in that collection
- Individual field permissions can override this default
Configuring Field Permissions
- In the Collections tab of a role, click on a collection name
- You'll see all fields in that collection
- Set the default access level
- Override specific fields as needed
Wizard Permissions
Control which Data Wizards a role can execute:
- Navigate to the Wizards tab in a role
- Toggle access for each wizard
Permission Evaluation
When a user has multiple roles, permissions are combined:
- Feature Permissions - Any role granting a permission enables it
- Collection Permissions - Highest permission level wins
- Field Permissions - Most permissive setting wins
Example
If Role A grants "Read" on Contacts and Role B grants "Read + Update", a user with both roles can read and update Contacts.