Field Permissions
Learn about working with field permissions in NocoDB.
Field permissions in NocoDB allow you to control who can edit values in specific fields in a table. This feature is particularly useful for managing sensitive data or ensuring that only authorized users can modify certain information.
Enabling Field Permissions
To configure field permissions for a specific table:
- Access field context menu from the field header.
- Select Edit field permissions.
- Use the dropdowns to control who can edit the field.
Permission Levels
You can assign different levels of access to each field. The available options are:
| Option | Who gets access |
|---|---|
| Editors & up | Members with Editor, Creator, or Owner roles (default) |
| Creators & up | Members with Creator or Owner roles |
| Specific users | A custom list of selected members |
| Nobody | No one can edit this field |
By default, users with Editor role and above can edit data in all fields in a table.
- Select Creators & up to prevent editors from editing values in this field.
- Select Nobody to disable editing values for all users in this field.
- Select Specific users to grant access only to selected members.
Only members with Editor, Creator, or Owner roles are available for selection in the dropdown for specific user selection.
Additional notes on field permissions:
- Field permissions do not affect the ability to view records in the table. Users with access can still view all records, but their ability to edit values in specific fields will be restricted based on the permissions set.
- Field permissions are applied at the field level, meaning they affect all records within that table for the specified field. Cannot be set for individual / selected records.
- Field permissions are independent of table permissions. You can set field permissions without enabling table permissions, and vice versa.
- Field permissions also restrict the ability to edit values via API calls and shared forms.
- Field permissions can be set for all field types except for the following field type, as these fields are calculated / system fields and cannot be edited directly.
- formula, rollup, lookup, created-by, last-updated-by, created-at, last-updated-at, button, qr-code, barcode
- For LinkToAnotherRecord field type, only the source table LTAR field permission will suffice to control the ability to edit the field (add / remove links). The related table LTAR field permissions will not be accounted for. For example: Country [has-many] City, if the user has permission to edit the Country table, they will be able to add / remove links to City table records in the Country table, even if they do not have permission to edit the City table related LTAR field.
Permissions Overview
Permissions overview provides a quick summary of the current table & field permissions in a consolidated tabular view.
To access the permissions overview:
- Go to base homepage (Click
Overviewin the sidebar). - Click the Permissions tab.
Subsequently, you can select the table for which you want to view the permissions overview. The overview will display field permissions in addition to table permissions, allowing you to see who can create or delete records in each table, as well as which fields are editable and by whom.
Permissions overview can also be accessed from the table / field permission configuration modal.
