What is a good example of why you would want to restrict user or role permissions at the field level?


Userlevel 4

What is a good example of why you would want to restrict user or role permissions at the field level?


14 replies

Userlevel 2

You may have a field that should only be editable by a manager.  An example would be market or region.  Another example might be promotion.

 

Some customers use integrations (e.g. webhooks) that may populate certain fields like review_rating that should be read only and only an administrator can override that value. Hence, field level permissions give you the flexibility to control what roles are allowed to edit it.

Userlevel 1
Badge

A good example is to restrict some fields for several roles are SEO related fields. So they should only updated by SEO teams and by any role.

Badge

I guess that very good example - CEO manager/editor, they ready don’t need access to other field except of SEOs

Badge

I believe that for a website, we have two types of information: frequently updated content and site-wide information (such as structure, taxonomy, and corporate pages). The second type of information may undergo changes through a special workflow, and even though it is related to common content types, it is better to control access at the field level. By granting explicit rights to authorized roles, we can ensure that only the designated roles have the ability to modify specific fields. This approach provides better control and security over the site-wide information, allowing for more precise management of access and modifications.

For instance, imagine you have a content management system for a healthcare organization. Within the patient records, there may be fields containing personal medical information, such as diagnoses, treatment plans, or medication details. In this case, you would want to restrict access to these fields only to authorized healthcare professionals or roles, such as doctors or nurses. By implementing field-level permissions, you can ensure that non-authorized users, like administrative staff or external stakeholders, cannot access or modify this sensitive medical data.

Badge

Some fields may hold content, other fields layout choices. You may want to restrict layout choices to some users, if they are only responsible for the content.

Badge

A good example is the SEO field. Usually, this field is setup by an SEO specialist and we shouldn’t allow other users to edit it.

Badge

What is a good example of why you would want to restrict user or role permissions at the field level?

Sensitive or confidential info is secured. Only for authorized roles or users.

Badge

You may want to allow people to update on-page content but not let them update metadata, especially URLs.

Badge

SEO fields, URLs etc.

An example could be the access for external collaborators like translators. In this case, we may need to restrict edition access to some entry fields like “category”, “supplier”, etc.

Badge

A good example is the SEO field. Usually, this field is setup by an SEO specialist and we shouldn’t allow other users to edit it.

This is a great example, as oftentimes SEO team is different than content team

Badge

Restricting based on roles is a great tool, but it is important to keep it simple. For small team, a lot of different roles would be overkill and increase mgmt overhead in a negative way. It’s also important to test correct application of roles, as mentioned in the training.

Badge

There are dedicated employees for some content elements, so a content manager shouldn't have to worry about that. On the other hand, you should keep roles simple and not leave too much to the specialists. A balanced restriction per role is best.

Badge

Because some sort of information is crucial and may be edited by specific users

Reply