User role permission issues?

  • 0
  • 1
  • Question
  • Updated 4 years ago
  • Answered

I see there is only one role per user. I have tested this in both "Testing as user role" AND logged in directly to the user account. 

I basically want to limit a specific role to edit only 2 fields in a long form. I have set user Role permission to these:

View: Certain criteria (let's say, Team is equal to Blue)

Modify: Same criteria as View

Fields: Custom Access (All set to view, except 2 set to Modify)


User still can edit other fields, even though their specific role is only supposed to View them. 


In the Fields section of Settings, I see the Permissions under Advanced is not checked "Restrict access by role".


Please advise how to prevent editing any fields other than the 2... I hope I wouldn't have to edit each field and set roles. Some type of conflict or bug perhaps? 


Thanks for your help!

Photo of Justin

Justin

  • 248 Points 100 badge 2x thumb

Posted 4 years ago

  • 0
  • 1
Photo of Xavier Fan

Xavier Fan, Champion

  • 410 Points 250 badge 2x thumb
If you have set "Fields: Custom Access (All set to view, except 2 set to Modify)" - then you are already doing field-level permissions.  e.g. A certain role can only edit 2 fields, and has view permissions on all the others in the table.  Those fields should have "Restrict access by role" checked.   And yes - if you want that level of control (have a role only edit those 2 fields, and view all the others), you need to go set that for each field.

I'd say - first double check that the user is actually only in 1 role.  It's easy to assign a user to multiple roles, or if the user is in a group, that group can be assigned to one or more roles as well.

"Testing as user role" may give you weird results, because in some cases, the permissions from your Admin role will give you some access that you shouldn't.  So logging into the user account is the surest way to tell.  One way to test is to have your Admin login on one browser - e.g. Chrome, then use a separate browser - e.g. Firefox - to log directly into the user account - this way you make sure you're on separate sessions and user logins.

Then go through field level permissions for that role and check that only those two fields are set to "modify" for this role, and the rest are set to "view".