Permissions for Field-Level Access Control in Freedom UI (to restrict certain fields of a record to be edited only by a specific Role)
Hello everyone,
I am trying to implement a permissions model for a collaborative application in Freedom UI, where different users interact with a record based on their role as explained below -
- Author – The user who creates the record.
  - Can create new records.
  - Can edit all fields of the records they created, except some restricted fields.
- Reviewer – A special role that:
  - Can view all records
  - Can edit only specific fields like:
    - Review Comments (this field can only be modified by the Reviewer and not by the Author)
  - Cannot modify other fields (e.g., Title, Description).
- All other employees:
  - Can create new records (and thereby become a new Author).
  - Can view records created by others (including the fields updated by the Reviewer) but cannot edit others’ records.
What I have tried so far
- Object Permissions:
  - Enabled Object-level permissions on the entity.
  - Gave All Employees role: Create and Read rights.
- Column Permissions:
  - For restricted fields (Reviewer Comments):
    - Gave “Permit Reading and Editing” permission to the Reviewer role
    - Gave “Permit Reading” to All Employees
- Record-Level Access via BPM:
  - Created a business process that:
    - Triggers when a record is created.
    - Reads the CreatedBy user.
    - Assigns Read and Edit rights using "Change Access Rights" → “For an employee”.
  - This was intended to ensure that Authors can edit their own records.
But the current outcome is that while users can create records successfully, they are unable to edit their own records afterward due to lack of permission.
Would appreciate any help on why the Authors are not able to update their own record. I hope this is a valid scenario supported by Creatio.
Also, this whole process seems to be a bit tedious. Is there a simpler way to achieve this using the no-code approach (without going into JavaScript coding to set the visible property based on roles)?
Thanks in advance for any insights!
Ajay
Hello,
Please note that the "Use operation permissions" dictates the main overall rights for the object. If you remove the "Edit" right there, you cannot provide this right in any other way.
In this case you need to enable the "Edit" right there and then customize the conditions in which the users will get these rights. This can be done both by the business processes and especially by the "Use record permissions" detail (which allows you to set specific rights to the records on creation).
Also, in order to be able to set different rights for different records, you need to enable the "Use record permissions" detail anyway (without it enabled, the records are supposed to have unified and the same rights). Please make sure this was done (you may also need to add some settings there depending on your business idea) and check the logic again.
Thank you, Mira.
I gave it the Edit permission at the object level and enabled the Record level permissions and now it works fine.
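The layering discussed in this thread, as an added example that is not part of the original posts and is not Creatio code: a simplified Python model in which operation permissions cap everything, record permissions apply only when enabled, and column permissions restrict individual fields. The user names, the record id, the record-level grant to the Reviewer role and the exact evaluation order are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ObjectConfig:
    operation_perms: dict   # role -> operations allowed on the object
    use_record_perms: bool  # models the "Use record permissions" switch
    column_editors: dict    # restricted column -> roles allowed to edit it
    record_grants: dict = field(default_factory=dict)  # record -> {user or role: ops}

def can_edit(cfg, user, roles, record, column):
    """Return (allowed, deciding_layer) for editing one column of one record."""
    # Layer 1: operation permissions are the ceiling for everything below.
    if not any("edit" in cfg.operation_perms.get(r, ()) for r in roles):
        return False, "operation"
    # Layer 2: per-record rights, consulted only when the switch is on.
    if cfg.use_record_perms:
        grants = cfg.record_grants.get(record, {})
        if not any("edit" in grants.get(p, ()) for p in (user, *roles)):
            return False, "record"
    # Layer 3: column permissions on restricted columns.
    editors = cfg.column_editors.get(column)
    if editors is not None and not editors & set(roles):
        return False, "column"
    return True, "allowed"

# Constructed sample data: user names and the record id are hypothetical.
COLUMNS = {"Review Comments": {"Reviewer"}}
GRANTS = {"rec-1": {"ajay": {"read", "edit"}, "Reviewer": {"read", "edit"}}}
EMP, REV = ["All employees"], ["All employees", "Reviewer"]
EDIT = {"All employees": {"create", "read", "edit"}}

# Setup from the question: no Edit at object level, Edit granted per record.
before = ObjectConfig({"All employees": {"create", "read"}}, False, COLUMNS, GRANTS)
# Edit enabled at object level while record permissions stay off.
edit_only = ObjectConfig(EDIT, False, COLUMNS, GRANTS)
# Setup after the answer: Edit at object level plus record permissions.
after = ObjectConfig(EDIT, True, COLUMNS, GRANTS)

if __name__ == "__main__":
    print(can_edit(before, "ajay", EMP, "rec-1", "Title"))
    print(can_edit(edit_only, "bob", EMP, "rec-1", "Title"))
    print(can_edit(after, "ajay", EMP, "rec-1", "Title"))
    print(can_edit(after, "ajay", EMP, "rec-1", "Review Comments"))
    print(can_edit(after, "bob", EMP, "rec-1", "Title"))
    print(can_edit(after, "rita", REV, "rec-1", "Review Comments"))
```

The `edit_only` case is the one to watch when testing a real configuration: with Edit granted at object level and record permissions still off, a non-author can edit someone else's record.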