Documentation
Permission rules
Permission rules allow you to control who can view or edit data within columns and/or control elements on the page (tabs, containers, accordian, fragment, header, button, button bar, or image). Any type of control or column can have permission rules assigned.
NOTE: The tab and accordion containers are 2 level containers. Level 1 is all tabs in the control and level 2 is the container inside one of the tabs that holds the columns and other containers. This is important when assigning permissions or styles to the contents of the tab containers.
| Level 1 | Level 2 |
 |
 |
NOTE: Columns that are read-only by their nature, such as ID, cannot be made read/write through rules. Additionally, a column cannot be made read/write when the form itself is a Display form.
You can apply a permission rule at any level of hierarchy, the rule will be applied to all contained elements, unless overridden by another rule at a lower level (for instance, a container might set the permission level to Write, but a contained column's rule might set the column itself to Read.
The following permission levels are available:
- Read - element is visible, columns are read-only.
- Write - element is visible, columns are read/write.
- Hidden - element is hidden.
In the case when multiple rules apply, Write takes precendence, followed by Read. When no rule applies due to conditions, but rules exists, Hidden is implicitly assumed.
Optionally, you can specify the user[s] the rule applies to. You can either specify user/group or a column value. For user/group, you can specify if the user is in or not in user/group. You can specify individual users, SharePoint groups and AD groups. For columns, you can specify Person or Group columns, where the user has to be found, directly or through a group, or a lookup column. In case of a lookup column, you need to specify a secondary Person or Group column found in the lookup list. For instance, if your lookup is to choose a Department from a list of Departments, your Departments list might contain a Manager column. This way you can set a permission rule for the Manager of the particular selected Department.
You can also set one or more conditions. Rule is applied only when the condition[s] are valid. You can use multiple conditions with "And" or "Or" relationship. Conditions can examine column values based on other columns, calculation results and function results. Note that all conditions are validated in real time and your permission rules will be executed as soon as relevant column values are changed.
Note: When setting permissions for specific conditons you should have at least two permission rules one for the first condition and another for the opposite of that condition. Example: Setting a hide permission if a status = Open, and a write or read permission when the status <> Open. The only time you should set one permission on any element or container is if that permission is with no conditions or specific users. Meaning that it applies this permission all the time.
