Field Permissions
Learn about working with field permissions in NocoDB.
Field permissions in NocoDB allow you to control who can edit values in specific fields in a table. This feature is particularly useful for managing sensitive data or ensuring that only authorized users can modify certain information.
Enabling Field Permissions
To configure field permissions for a specific table:
- Access field context menu from the field header.
- Select Edit field permissions.
- Use the dropdowns to control who can edit the field.
Permission Levels
You can assign different levels of access to each field. The available options are:
| Option | Who gets access |
|---|---|
| Editors & up | Members with Editor, Creator, or Owner roles (default) |
| Creators & up | Members with Creator or Owner roles |
| Specific users | Selected members or teams |
| Nobody | No one can edit this field |
By default, users with Editor role and above can edit data in all fields in a table.
- Select Creators & up to prevent editors from editing values in this field.
- Select Nobody to disable editing values for all users in this field.
- Choose Specific users to allow only selected members or teams to edit this field.
Additional Notes on Field Permissions
- Field permissions do not control field visibility — users with access can still view all field data, but their ability to edit values in specific fields depends on the configured permissions.
- Permissions are applied at the field level, affecting all records in the table for that specific field. They cannot be configured for individual or selected records.
- Field permissions operate independently of table permissions. You can configure field permissions without enabling table permissions, and vice versa.
- Field permissions also apply to API calls and shared forms, restricting the ability to modify field values through these interfaces.
- Field permissions can be set for all field types except the following, as these are calculated or system fields and cannot be edited directly:
- Formula, Rollup, Lookup, Created By, Last Updated By, Created At, Last Updated At, Button, QR Code, Barcode
- For Link to Another Record (LTAR) fields, only the source table’s LTAR field permission determines editability (add/remove links). The related table’s LTAR permissions are not considered.
- Example: If Country has many Cities, and a user has permission to edit the LTAR field in the Country table, they can add or remove links to City records from the Country table — even if they lack edit permission for the City table’s corresponding LTAR field.
Permissions Overview
Permissions overview provides a quick summary of the current table & field permissions in a consolidated tabular view.
To access the permissions overview:
- Go to base homepage (Click
Overviewin the sidebar). - Click the Permissions tab.
Subsequently, you can select the table for which you want to view the permissions overview. The overview will display field permissions in addition to table permissions, allowing you to see who can create or delete records in each table, as well as which fields are editable and by whom.
Permissions overview can also be accessed from the table / field permission configuration modal.
