Data Field Access

Skip to end of metadata
Go to start of metadata

 

This parameter or feature is part of our Early Adopters Program. To find out if you are eligible for participation, contact your Account Manager by filling out a support form. You can access the support page by clicking Support on the upper menu after logging into your Gigya Console

Description

The Data Field Access tab of the Permission Groups section of the Admin panel allows you to restrict access to specific fields of your schema based upon permissions of the user or group accessing them.

You can grant 5 levels of access to your schema:

  • No access to any fields
  • Full access to all fields
  • Specific access to defined fields
    • Read-only access to specific defined fields
    • Write-only access to specific defined fields
    • Read and write access to specific defined fields
 

Restricting Your Schema By Site

When an account contains multiple sites, the Data Field Access tab will display a merged view containing all fields from the schema of all sites. If you require the ability to have different access permissions for a field that uses the same name between multiple sites, be sure that you define the scope of the group in the Scope tab.

 

Usage

You can access the Data Field Access tool by logging into your Gigya Console, navigating to the Admin tab in the header and selecting Permission Groups from the left-hand menu.

 

Once at the Permission Groups page, click the Edit  button next to the group you want to configure or create a new group by pressing Create Group.

All groups except _admins begin with having no access to any fields. To enable full access to all fields for a group, toggle the switch in the top-right of the page from Restricted Data Access to Full Data Access.

 

When a group has the Full Data Access toggle selected, you are not able to individually edit the permissions for any fields of your schema and you will see a notice informing you that this group has full access to all fields.

 

Restricting Schema Fields

To restrict access to all fields in your schema and specify individually which fields this group has access to, ensure that the toggle in the top-right of the page is set to Restricted Data Access. This will allow you to manually set the permissions for fields that you want this group to have access to. Using the appropriate checkboxes you can set the group to have either read-only access to a field or both read and write access to the field (image below).

For instance, if you have a Customer Service group that you want to be able to change email addresses that a user may have entered incorrectly, you can set the emails object of the schema to be read-only, which will give the group the ability to see both verified and unverified email addresses for a user. Then, to enable the group to edit an unverified email (but not existing verified addresses) you can enable write permissions for the unverified emails. Finally, be sure to press Update so that your changes are saved.

 

 

Privileges

Depending upon what privileges you grant users under the Privileges tab, some fields may automatically receive read and/or write permissions to enable the users to utilize these granted privileges. You will see these fields with their necessary permissions uneditable. As an example, you grant the privilege to edit user records:

 

You will see in the right-hand column, a list of fields that these users will also be automatically granted access to. When you then go and view the Data Field Access tab, these fields will be greyed out and uneditable.

 

Editing a Site Identity

When a group is granted the Identity Access > User records privilege, if you want the users to have the ability to view and/or edit a person's Site identity you need to grant additional permissions from the Data Field Access tab. 

Edit Site Identity Screen

 

Viewing Site Identities

To view Site identities you must grant the group read permissions to any relevant fields of the identities object, i.e., identities.firstName, identities.lastName, etc.

 

If you want users to be able to also write to the persons Site identity, you need to also grant write permissions to the corresponding field of the Profile object.

 

Important

For Console users to edit data for a person's Site identity, their group must be granted READ permissions to the appropriate field in the IDENTITY object and WRITE permissions to the corresponding field of the PROFILE object.

 

Additional Information

Console Administration

Identity Access

Accounts Data Object

Accounts Profile Object

Accounts Identity Object

 

Placeholder for Data Field Permissions 

#48087
Data field permissions

Code Example

var ssTest = ssTest || {};
ssTest.cbResults = [];
ssTest.cb1 = function (re) {
    var cEr=null;
    var name = re.eventName;
    ssTest.cbResults[name] = {};
    if ((typeof(re.errorCode) !== 'undefined') && (re.errorCode !== 0)) {
        cEr = re.errorCode;
    } else {
        cEr = "No Error";
    }
    console.log(name);
    console.log(cEr);
    console.log(re);
    ssTest.cbResults[name].error = cEr;
    ssTest.cbResults[name].response = re;
};

gigya.accounts.showScreenSet({
    "screenSet": "NewRaas4nov15-RegistrationLogin",
    "onBeforeSubmit": ssTest.cb1,
    "onBeforeValidation": ssTest.cb1,
    "onError": ssTest.cb1
});

 

Response Example

// Using code example above
 
// First response
{  
   "data":{  

   },
   "eventName":"beforeValidation",
   "form":"gigya-login-form",
   "formData":{  
      "loginID":"dsdsdsds",
      "password":"dddd3434",
      "remember":false
   },
   "profile":{  

   },
   "screen":"gigya-login-screen",
   "subscriptions":{  

   },
   "source":"showScreenSet",
   "instanceID":"screenSet"
}
 
// Second response
{  
   "eventName":"beforeSubmit",
   "screen":"gigya-login-screen",
   "form":"gigya-login-form",
   "profile":{  

   },
   "data":{  

   },
   "subscriptions":{  

   },
   "formData":{  
      "loginID":"dsdsdsds",
      "remember":false
   },
   "source":"showScreenSet",
   "instanceID":"screenSet"
}
 
// Third response
{  
   "eventName":"error",
   "status":"FAIL",
   "statusMessage":"General Server Error",
   "errorMessage":"Invalid login or password",
   "errorDetails":"undefined.screenSet",
   "errorCode":403042,
   "response":{  
      "errorMessage":"Invalid login or password",
      "errorCode":403042,
      "errorDetails":"undefined.screenSet",
      "params":{  
         "screenSet":"NewRaas4nov15-RegistrationLogin",
         "connectWithoutLoginBehavior":"loginExistingUser",
         "defaultRegScreenSet":"NewRaas4nov15-RegistrationLogin",
         "defaultMobileRegScreenSet":"NewRaas4nov15-RegistrationLogin",
         "sessionExpiration":-2,
         "rememberSessionExpiration":0,
         "apiDomain":"us1-st1.gigya.com",
         "lang":"en",
         "APIKey":"3_mK2cmEzLkzhqe4MUrtPncxbv4wKsYAhsew0iVwhVUls3c_Jx_HLX434jAVpq5M_W",
         "source":"showScreenSet",
         "pluginsStack":[  
            {  
               "source":"showScreenSet"
            }
         ],
         "lastSource":"showScreenSet",
         "_reportedLoad":true,
         "instanceID":"screenSet",
         "onDisposed":[  
            null,
            null,
            null,
            null
         ],
         "deviceType":"auto",
         "customLang":{  

         },
         "isChild":false,
         "regSource":"http://somedomain.com/" //Changed to protect the innocent
      },
      "info":{  
         "screen":"gigya-login-screen",
         "form":"gigya-login-form",
         "response":{  
            "errorDetails":"invalid loginID or password",
            "errorMessage":"Invalid login or password",
            "errorCode":403042,
            "callId":"cf35bc7683244d898d6f6309af298291",
            "time":"2017-09-07T14:58:13.004Z",
            "status":"FAIL",
            "statusMessage":"Invalid LoginID",
            "requestParams":{  
               "connectWithoutLoginBehavior":"loginExistingUser",
               "defaultRegScreenSet":"NewRaas4nov15-RegistrationLogin",
               "defaultMobileRegScreenSet":"NewRaas4nov15-RegistrationLogin",
               "sessionExpiration":-2,
               "rememberSessionExpiration":0,
               "apiDomain":"us1-st1.gigya.com",
               "lang":"en",
               "APIKey":"3_mK2cmEzLkzhqe4MUrtPncxbv4wKsYAhsew0iVwhVUls3c_Jx_HLX434jAVpq5M_W",
               "screenSet":"NewRaas4nov15-RegistrationLogin",
               "source":"showScreenSet",
               "pluginsStack":[  
                  {  
                     "source":"showScreenSet"
                  }
               ],
               "lastSource":"showScreenSet",
               "_reportedLoad":true,
               "onDisposed":[  
                  null,
                  null,
                  null,
                  null
               ],
               "deviceType":"auto",
               "customLang":{  

               },
               "isChild":false,
               "regSource":"http://somedomain.com/", //Changed to protect the innocent
               "loginID":"dsdsdsds",
               "profile":{  
                  "remember":false
               },
               "dontHandleScreenSet":true,
               "remember":false,
               "loginMode":"standard",
               "include":"profile,data,emails,subscriptions"
            },
            "operation":"/accounts.login"
         }
      }
   },
   "source":"showScreenSet",
   "instanceID":"screenSet"
}