Support Topics Documentation Slack YouTube Blog

Security for only one column of table

Tell me, please, can I apply a ban on editing for only one column for the owner of the object?
And can I regulate access for only one column of table for different user roles?


unfortunately this is not possible, but you can write custom business logic for this in the before- event handler. There you will see which user make a request, his roles etc, and block request if needed.


can I prohibit the use of standard methods so that the column can only be changed through custom business logic?

custom business logic in the before- event will work always when update column?

beforeUpdate handler will always catch any PUT requests to that table, so there will no another possibility to change data bypassing this handler. But keep in mind that user will still be able to delete/create any data. You also can manage this though Permissions API or via handlers (in case you need to protect only some columns).

Thank you, Stanislaw