Skip to main content

Overview

Column permissions allow you to restrict access to specific columns within a table. This is useful for hiding sensitive information (like salaries, personal data, or internal notes) from users who don’t need to see it.
Column permissions work in addition to table permissions. A user must have table access AND column permission to see/edit a column.

How Column Permissions Work

By default, all columns are visible to anyone with table access. When you set column permissions:
  • Only specified users/teams/roles can view the column
  • Only specified users/teams/roles can edit the column
  • Others see the column header but cannot see or modify values

Setting Column Permissions

1

Open Column Menu

Click the dropdown arrow on the column header
2

Select Column Permissions

Click Column Permissions from the menu
3

Configure View Access

Under Who can view, add:
  • Specific users
  • Teams
  • Roles
4

Configure Edit Access

Under Who can edit, add:
  • Specific users
  • Teams
  • Roles
5

Save

Click Save to apply the permissions

Permission Levels

View Permission

Controls who can see the column values.
  • Users with view permission: See full column data
  • Users without view permission: Column is hidden or shows placeholder

Edit Permission

Controls who can modify the column values.
  • Users with edit permission: Can modify values in edit/create forms
  • Users without edit permission: Field is read-only or hidden
Edit permission requires view permission. You cannot edit what you cannot see.

Default Behavior

ScenarioBehavior
No permissions setEveryone with table access can view and edit
Only view permissions setSpecified users can view; editing follows table permissions
Only edit permissions setEveryone can view; only specified users can edit
Both permissions setFull control over both viewing and editing

Use Cases

Restrict salary columns to HR and management:
  • View: HR Team, Manager Role
  • Edit: HR Team only
Limit access to personal data:
  • View: Direct managers, HR
  • Edit: HR only
Hide internal comments from external viewers:
  • View: Internal team only
  • Edit: Internal team only
Control who sees pricing:
  • View: Sales team, Finance team
  • Edit: Finance team only
Restrict approval status changes:
  • View: Everyone
  • Edit: Approvers role only

Best Practices

Use Roles Over Users

Set permissions by role for easier management when team members change

Document Restrictions

Add column descriptions explaining why access is restricted

Test Thoroughly

Verify permissions by logging in as different user types

Review Regularly

Audit column permissions periodically to ensure they’re still appropriate

Troubleshooting

  1. Verify the user has table-level view permission
  2. Check if column permissions are set
  3. Confirm the user is in the correct team/role
  4. Check if the column is hidden in the current view
  1. Check column edit permissions
  2. Verify user has table-level edit permission
  3. Confirm the user is in the authorized team/role
  1. Clear browser cache
  2. Refresh the page
  3. Log out and log back in
  4. Verify permissions were saved successfully

For AI Agents

UI Navigation

Column permissions are accessed via:
  1. Column header dropdown menu
  2. Select “Column Permissions”
  3. Modal opens with view/edit permission configuration

Component Reference

// Column permissions modal component
Component: ColumnPermissions.tsx
Location: /src/views/entities/permissions/ColumnPermissions.tsx

// Modal sections:
// - "Who can view" - User/Team/Role selector
// - "Who can edit" - User/Team/Role selector

Permission Structure in Column Definition

interface ColumnDefinition {
  name: string;
  displayName: string;
  type: string;
  permissions?: {
    view: {
      userIds: string[];
      teamIds: string[];
      roleIds: string[];
    };
    edit: {
      userIds: string[];
      teamIds: string[];
      roleIds: string[];
    };
  };
}

Setting Permissions via API

Column permissions are updated through the table metadata API: 
POST /zorp-tables-service/table/update
Authorization: Bearer {secretKey}
Content-Type: application/json

{
  "tableType": "my_table",
  "columns": [
    {
      "name": "salary",
      "displayName": "Salary",
      "type": "NUMBER",
      "permissions": {
        "view": {
          "userIds": [],
          "teamIds": ["hr_team"],
          "roleIds": ["manager"]
        },
        "edit": {
          "userIds": [],
          "teamIds": ["hr_team"],
          "roleIds": []
        }
      }
    }
  ]
}

Checking Column Access

When rendering table data, check column permissions: 
// Check if user can view column
function canViewColumn(column, currentUser) {
  if (!column.permissions?.view) return true; // No restrictions

  const { userIds, teamIds, roleIds } = column.permissions.view;

  return (
    userIds.includes(currentUser.id) ||
    teamIds.some(t => currentUser.teamIds.includes(t)) ||
    roleIds.some(r => currentUser.roleIds.includes(r))
  );
}

// Check if user can edit column
function canEditColumn(column, currentUser) {
  if (!column.permissions?.edit) return true; // No restrictions

  const { userIds, teamIds, roleIds } = column.permissions.edit;

  return (
    userIds.includes(currentUser.id) ||
    teamIds.some(t => currentUser.teamIds.includes(t)) ||
    roleIds.some(r => currentUser.roleIds.includes(r))
  );
}

UI Elements

ElementSelectorPurpose
Column Header MenuColumn header dropdownAccess column options
Column PermissionsMenu itemOpens permissions modal
View PermissionsModal sectionConfigure view access
Edit PermissionsModal sectionConfigure edit access
User SelectorSearch inputAdd specific users
Team SelectorDropdownSelect teams
Role SelectorDropdownSelect roles