What is a good example of why you would want to restrict user or role permissions at the field level?
What is a good example of why you would want to restrict user or role permissions at the field level?
Userlevel 4
Userlevel 2
You may have a field that should only be editable by a manager. An example would be market or region. Another example might be promotion.
Some customers use integrations (e.g. webhooks) that may populate certain fields like review_rating that should be read only and only an administrator can override that value. Hence, field level permissions give you the flexibility to control what roles are allowed to edit it.
- Contentstack Partner
- 4 replies
-
7 March 2023
A good example is to restrict some fields for several roles are SEO related fields. So they should only updated by SEO teams and by any role.
- Contentstack Partner
- 2 replies
-
6 April 2023
I guess that very good example - CEO manager/editor, they ready don’t need access to other field except of SEOs
- Contentstack Partner
- 3 replies
-
11 May 2023
I believe that for a website, we have two types of information: frequently updated content and site-wide information (such as structure, taxonomy, and corporate pages). The second type of information may undergo changes through a special workflow, and even though it is related to common content types, it is better to control access at the field level. By granting explicit rights to authorized roles, we can ensure that only the designated roles have the ability to modify specific fields. This approach provides better control and security over the site-wide information, allowing for more precise management of access and modifications.
For instance, imagine you have a content management system for a healthcare organization. Within the patient records, there may be fields containing personal medical information, such as diagnoses, treatment plans, or medication details. In this case, you would want to restrict access to these fields only to authorized healthcare professionals or roles, such as doctors or nurses. By implementing field-level permissions, you can ensure that non-authorized users, like administrative staff or external stakeholders, cannot access or modify this sensitive medical data.
Some fields may hold content, other fields layout choices. You may want to restrict layout choices to some users, if they are only responsible for the content.
A good example is the SEO field. Usually, this field is setup by an SEO specialist and we shouldn’t allow other users to edit it.
What is a good example of why you would want to restrict user or role permissions at the field level?
Sensitive or confidential info is secured. Only for authorized roles or users.
- Contentstack Partner
- 4 replies
-
6 September 2023
You may want to allow people to update on-page content but not let them update metadata, especially URLs.
SEO fields, URLs etc.
An example could be the access for external collaborators like translators. In this case, we may need to restrict edition access to some entry fields like “category”, “supplier”, etc.
A good example is the SEO field. Usually, this field is setup by an SEO specialist and we shouldn’t allow other users to edit it.
This is a great example, as oftentimes SEO team is different than content team
Restricting based on roles is a great tool, but it is important to keep it simple. For small team, a lot of different roles would be overkill and increase mgmt overhead in a negative way. It’s also important to test correct application of roles, as mentioned in the training.
Reply
Login to the community
No account yet? Create an account
Contentstack Login
Log in with Contentstackor
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.