Allow specific properties to be read-only or editable without using permission lists

Hello,

I have a specific scenario, and I want to see if this is achievable.

I have two scenarios for a specific property. In one scenario, the property can be edited by all. In the second scenario, the property can only be edited by specific users (or user groups) only and read-only for the rest.

I cannot use workflow permissions to achieve this because I can only have one permissions setting for a state.

Does anyone have any ideas how to achieve this?

Thanks.

Patrick.

  • As far as I can tell this isn't currently possible. In general you have two options to define the property permissions / behavior:

    • With property definition permission you can define who can see and edit the property, but this is a static configuration so it doesn't support different permission settings in different contexts.
      • Typical use case: a property containing social security numbers should never been seen by anyone outside the HR team.
    • With metadata card configuration you can set a property hidden or read-only but these metadata card rules can only use the object metadata as the filter so they cannot behave differently depending on who is viewing the metadata card. Also, these rules are applied only in the user interface layer so setting a property as read-only via metadata card rules is not as strong a restriction as using the property definition permissions.
      • Typical use case: when the object reaches a certain workflow state, set a property to read-only for everyone to indicate it should not be edited. (If it's a hard requirement that the property should not be edited anymore, there should also be server-side checks to enforce this as it's possible to bypass metadata card restrictions.)

    Would it be possible to use two different properties here or what are these scenarios like in more detail?