Can't make column-based access rules work


I am trying to allow editing specific columns for specific Viewer user. However, it does not work. I am not sure what is wrong, the user should be in “Editor” group?

Yes, Access Rules are a second layer after the role assigned in the Manage Users dialog. They can only restrict that permission further. So if that user’s role is “Viewer”, access rules can only limit further what they can view but cannot grant edit access. If you’d like the user to have any edit access, you should create rules that lock down that access as you wish (e.g. deny everything except one column), and then change the user’s role to an “Editor”.

Also, my recommendation: rather than make rules that compare user.Email directly, I suggest using User Attributes, which would let you put the email in a single place (a table you define), so it’s easier and less error-prone to apply the same rule to different users.

Thank you, Dmitry!

As for User Attributes — you are right, a very handy solution. However, this mine DB is only for two users so introducing a new table will be a bit of over-engineering.

one of my biggest wishes for Grist would be easier access rules, edited right there on the Widget and Column views.

Also, I really wish there was a way to block a user from PAGES instead of only being able to block users from data tables.

I may not want a user to see the page where I store some info, or even less, accidentaly edit it.

But I may want to allow the user to create new records for that same page, if from inside another widget.

1 Like