The Data Field Access tab of the Permission Groups section of the Admin panel allows you to restrict access to specific fields of your schema based upon permissions of the user or group accessing them. You can grant 5 levels of access to your schema: Data Field Permissions only apply to the following APIs (both REST and JS versions).
The Data Field Access tab of the Permission Groups section of the Admin panel allows you to restrict access to specific fields of your schema based upon permissions of the user or group accessing them.
You can grant 5 levels of access to your schema:
Data Field Permissions only apply to the following APIs (both REST and JS versions).
Restricting Your Schema By Site
When an account contains multiple sites, the Data Field Access tab will display a merged view containing all fields from the schema of all sites. If you require the ability to have different access permissions for a field that uses the same name between multiple sites, be sure that you define the scope of the group in the Scope tab.
You can access the Data Field Access tool by logging into your Gigya Console, navigating to the Admin tab in the header and selecting Permission Groups from the left-hand menu.
Once at the Permission Groups page, click the Editbutton next to the group you want to configure or create a new group by pressing Create Group.
All groups except _admins begin with having no access to any fields. To enable full access to all fields for a group, toggle the switch in the top-right of the page from Restricted Data Access to Full Data Access.
When a group has the Full Data Access toggle selected, you are not able to individually edit the permissions for any fields of your schema and you will see a notice informing you that this group has full access to all fields.
Restricting Schema Fields
To restrict access to all fields in your schema and specify individually which fields this group has access to, ensure that the toggle in the top-right of the page is set to Restricted Data Access. This will allow you to manually set the permissions for fields that you want this group to have access to. Using the appropriate checkboxes you can set the group to have either read-only access to a field or both read and write access to the field (image below).
For instance, if you have a Customer Service group that you want to be able to change email addresses that a user may have entered incorrectly, you can set the emails object of the schema to be read-only, which will give the group the ability to see both verified and unverified email addresses for a user. Then, to enable the group to edit an unverified email (but not existing verified addresses) you can enable write permissions for the unverified emails. Finally, be sure to press Update so that your changes are saved.
Depending upon what privileges you grant users under the Privileges tab, some fields may automatically receive read and/or write permissions to enable the users to utilize these granted privileges. You will see these fields with their necessary permissions uneditable. As an example, you grant the privilege to edit user records:
You will see in the right-hand column, a list of fields that these users will also be automatically granted access to. When you then go and view the Data Field Access tab, these fields will be greyed out and uneditable.
Editing a Site Identity
When a group is granted the Identity Access > User records privilege, if you want the users to have the ability to view and/or edit a person's Site identity you need to grant additional permissions from the Data Field Access tab.
Viewing Site Identities
To view Site identities you must grant the group read permissions to any relevant fields of the identities object, i.e., identities.firstName, identities.lastName, etc.
If you want users to be able to also write to the persons Site identity, you need to also grant write permissions to the corresponding field of the Profile object.
For Console users to edit data for a person's Site identity, their group must be granted READ permissions to the appropriate field in the IDENTITY object and WRITE permissions to the corresponding field of the PROFILE object.
Certain fields in the schema are hierarchical and in order for a user to edit any of these fields they must have Read/Write permissions to all fields in the chain. For instance, profile.age, profile.birthDay, profile.birthMonth, and profile.birthYear. When a user does not have the proper permissions to edit a particular field(s), the field(s) will not be visible in Edit mode.
Placeholder for Data Field Permissions
Data field permissions