Controlling field access permissions

As a site owner, you can control the visibility and access of nearly any field across any content type, media, users, or comments. For example, if you want to limit the ability to read the Body field of a blog post to only authenticated users, you can restrict the visibility of that field to the 'authenticated users' role.

Another example: If you added a birthday, special interest, or anniversary date field to your user accounts, you may want to limit the visibility of that sensitive information to specific user roles so only privileged users can see it.

Note: For more details on how to collect user profile fields, including during registration, see Collecting custom user-profile information.

To enable access control on one or more fields, go to Configuration > Account settings, and click the Manage Fields tab. After creating the field you want to control access to, you can choose one of the following permissions in the field's Global Settings section:

  • Public (author and administrators can edit, everyone can view)
  • Private (only author and administrators can edit and view)
  • Custom permissions

Note: You cannot control the access of file or media fields; they are always accessible.

Click for a larger version

Custom permissions allow you to fine-tune your permission scheme with the following granularity:

  • Create own value: Only user role(s) you select can enter a value for a specific field. For example, only authenticated users can see the Body field of a blog post. Note: For fields attached to user accounts, this option is available only if you make the field visible on the registration screen.
  • Edit own value: Only the selected user role(s) you select can edit the value they entered for a specific field. For example, only authenticated users can edit the Body field text they submitted. They cannot edit each other's text.
  • Edit anyone's value: Only the user role(s) you select can edit any user's value for a specific field. For example, only the Administrator can edit the Body field text for any user role.
  • View own value: Only the user role(s) you select can view their own value for a specific field. For example, authenticated users can only view their own text. They cannot view Body field text submitted by other authenticated users.
  • View anyone's value: Only the user role(s) you select can view any user's value for a specific field. For example, all authenticated users can Body field text, but anonymous users cannot.
Feedback