Refine User Role Access to Table Information

What is this article about?

• Learn how to limit a user role's access to objects and fields in tables, by setting up table-specific column and row permissions

Who is this article for?

• Account admins and users who have the 'User Management' permission and thus can create new users and manage access

This article is part of a series and offers an in-depth guide to a specific step in the user role creation process. 

Hence, before diving into customization of table access permissions, we recommend first reviewing our guide, 'Manage User Permissions by Creating User Roles.'

As described before, open https://app.logward.com/ and login to your account. Click the profile icon on the top right corner to open the Settings dropdown, select 'Users & Roles', and navigate to the second page within the section, which is called 'User Roles':

All existing Roles will now be visible for you in a table view. 

If you want to refine permissions for an existing role, use the 'pencil' icon under 'Action' on the right-hand side.

Alternatively, use the 'Add Role' button to start with a new role, which is what we do in this guide:

After you've added basic information like the role name and role description, move to the 'Access Permissions'. 

Here, you'll find a list of all tables available in your account, to which you can grant access.

You can configure table permissions as follows:

• Read: Allows the user to view all rows in the table.
• Write: Allows the user to add new rows and edit existing ones.
• Delete: Allows the user to delete entire rows, which cannot be reversed.

Selecting a permission in the list view header will apply it to all tables. You can still adjust permissions for individual tables afterward.

Note: Permissions are cascading. Selecting 'Write' automatically includes 'Read,' and choosing 'Delete' includes both 'Read' and 'Write' for that table. 

After setting the Read, Write, or Delete permission for a table, the role will have access to all columns and rows by default. 

However, if you don't want the role to access all data, you can further refine access by setting additional conditions for specific columns and rows.

Each set of conditions is saved as a rule. These rules apply only to the specific table they're created for and need unique names. This means, you can reuse them in different roles, but only for the same table. 

To select existing rules or create new ones, click 'Search rules' for the table that needs refinement:

A dropdown list will open. If no rules exist or meet your needs, click on the green 'plus' icon to create a new rule:

After clicking the green 'plus' icon, a pop-up window will appear that lists all columns that belong to the respective table. 

You can now refine read and write permissions for each column, or fully hide specific columns this user role.

In our guide, we start by adding the name "Hide Costs" to the rule, then use the search field next to it, to filter for all columns associated to 'costs':

After adapting column permissions, click the 'Save' button at the bottom of the pop-up window.

When you now repeat the rule search for the table, you're newly created rule will appear and you can select it:

As with the column permissions, start by clicking 'Search rules', and then the green '+' icon to create a new row permission.

In the appearing popup window, first enter a unique name in the top left corner, before you click on 'Create Block':

The block you are creating, acts as a filter, showing only the data that matches the conditions.

In our example, we limit access to confirmed Purchase Orders, for which the 'Bill to' information is 'Logward':

Once happy with your conditions, first click on 'Add Block', then proceed to click 'Save'.

When you now search for Row Permissions again, you will find your newly created filter to add it.

Well done!

Following the same process, you can now customize the role's access to all tables. Once you're happy, don't forget to scroll upand save your configurations.

This guide is part of a series. For more insights, such as User Creation or resending the User Invite, have a look into the related articles below.

If you have additional questions, please do not hesitate to reach out to us at: [email protected]