How to restrict user to view some record of a collection

Hi, how can I restrict one user to reading only some records of a collection, say “Product”, while another user can read all records of “Product”?
Another example: how can I let a user read/write their own records of a collection, say “Article”, but not records created by others?

Thanks
Bik

Hello,

Since version 3.1 there is a new feature called RBAC (Role-Based Access Control). In the Community Edition there are 3 default roles:

  • Super-Admin: Super Admins can access and manage all features and settings.
  • Editor: Editors can manage and publish content including those of other users.
  • Author: Authors can manage and publish only the content they created.

In that case, the Author role is what you need.

In the Enterprise Edition, role creation is unlimited. Role control is also more advanced, with highly granular options that let you configure CRUD operations for any field available in any content type. You can also check all plans where more subscriptions are available.

Thanks… Are row-level and field-level security available in the Enterprise version?

Hello, of course.

You can achieve this by using RBAC (Role-Based Access Control)

Let’s look into this example with Admin and Author Role:

View as Admin (there are 4 articles, all of them are visible to the admin):

View as Author (there is a single Collection type: Article, to which I’ve granted access and only one article to which Author has access):



Edit article as Admin:

Edit article as Author (can’t view/modify that secret field, can’t publish article):

1 Like

super. thank you so much

Hello Sir, I can’t seem to find any options in the Administration Panel to make this happen. When I log in as Author, I can still see and delete the data created in Admin.

It would be very helpful if you could share the way to solve this. Thanks a ton.

Hi,
I am seeing the same issue as Benedict.
I have a Collection called Program which has a property ‘admin_users’, which is a Relation with User (from Admin).
Using RBAC and my custom conditionProvider I am able to filter the listing view correctly, but the values are ‘-’ except for the id. When I click on the row it says ‘You are not allowed to see this document’.
My conditionProvider is:

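  {
    displayName: "Is Program Editor",
    name: "is-program-editor",
    plugin: "admin",
    // The handler returns a filter object: records whose admin_users
    // relation contains the current admin user's id.
    handler: (user) => ({
      admin_users: { id: { $eq: user.id } },
    }),
  }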

Can you see what I am doing wrong? Is there a way to make a conditionProvider specific to only one Content Type?
Thanks.

2 Likes
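
The handler in the post above returns a filter object rather than a yes/no answer, so the same filter has to hold both when rows are listed and when a single loaded record is checked. The sketch below is an added example, not code from the thread or from Strapi: `matches`, `listFor`, `canRead` and the sample records are hypothetical, and it assumes (unverified for any particular Strapi version) that a record can reach the single-record check without its `admin_users` relation populated.

```javascript
// Condition handler copied from the post: it returns a filter, not a boolean.
const isProgramEditor = (user) => ({
  admin_users: { id: { $eq: user.id } },
});

// Minimal matcher for this filter shape only: $eq on nested fields, with
// "any element matches" semantics for arrays such as a to-many relation.
function matches(value, filter) {
  if (filter !== null && typeof filter === "object" && "$eq" in filter) {
    return value === filter.$eq;
  }
  if (Array.isArray(value)) return value.some((v) => matches(v, filter));
  if (value === null || typeof value !== "object") return false;
  return Object.entries(filter).every(([key, sub]) => matches(value[key], sub));
}

// Constructed sample data: the same rows with the relation populated, and as
// a fetch would return them if the relation were not populated (assumption).
const populated = [
  { id: 1, title: "Alpha", admin_users: [{ id: 7 }, { id: 9 }] },
  { id: 2, title: "Beta", admin_users: [{ id: 9 }] },
];
const unpopulated = populated.map(({ admin_users, ...rest }) => rest);

// List view model: the filter runs where the relation data is available.
function listFor(user, rows) {
  const filter = isProgramEditor(user);
  return rows.filter((row) => matches(row, filter)).map((row) => row.id);
}

// Detail view model: one already-loaded record is checked in memory.
function canRead(user, record) {
  return matches(record, isProgramEditor(user));
}

function demo() {
  const user = { id: 7 }; // constructed admin user
  return {
    list: listFor(user, populated),
    detailPopulated: canRead(user, populated[0]),
    detailUnpopulated: canRead(user, unpopulated[0]),
  };
}
console.log(demo());
```

In this model the row is listed for user 7, yet the single-record check on the unpopulated copy fails closed because the field the filter tests is absent from the object being checked.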

I am also facing the same problem. Does anyone know of a solution?