search

Property Level UI Permissions

Use the UI Property Permissions to restrict access to specific properties in the Backoffice UI.

hashtag
Document Property Value User Permissions

Umbraco provides a feature called Document Property Value User Permissions. This feature can restrict access to specific Document property values for certain user groups. By default, all the built-in User Groups have read and write permissions for all properties. However, you can limit a User Group's permissions for specific properties through the UI.

If a User Group doesn't have write access to a property, the property will be read-only for that User Group. If a User Group doesn't have read access to a property, the property will be hidden from that User Group.

circle-info

The Document Property Value User Permissions are not enforced on the server side. This means a user can still access the property value through the API, even if the property is restricted in the UI.

hashtag
Write custom Property Level Permissions

It is possible to manipulate the permissions via code. This can be achieved through the Guard Managers available on all Content-Type-based Workspace Contexts.

These are the available guards:

  • propertyViewGuard - Manages rules for the visibility of properties.

  • propertyWriteGuard - Manages rules for the writability of properties.

  • readOnlyGuard (This will be removed in the future. Use propertyWriteGuard instead)

The following guide demonstrates how to implement custom rules from a Workspace Context that appends rules to the Guard Managers.

hashtag
Register a Workspace Context

Register a Workspace Contextarrow-up-right to enable appending code to run when a workspace is initialized.

Manifest

manifest.ts
import { UMB_WORKSPACE_CONDITION_ALIAS } from "@umbraco-cms/backoffice/workspace";
import { UMB_DOCUMENT_WORKSPACE_ALIAS } from "@umbraco-cms/backoffice/document";

const manifest: UmbExtensionManifest = {
    type: "workspaceContext",
    name: "My Document Property Permission Workspace Context",
    alias: "My.WorkspaceContext.DocumentPropertyPermission",
    api: () => import("./my-document-property-permission.workspace-context.js"),
    conditions: [
        {
            alias: UMB_WORKSPACE_CONDITION_ALIAS,
            match: UMB_DOCUMENT_WORKSPACE_ALIAS,
        },
    ],
};

hashtag
Write a general rule

The following example adds code for the Workspace Context to set up a single rule preventing writing to all properties.

Workspace Context

This showed how to append a general rule to all properties or variants. This can be made more specific. Therefore, the following example shows how to make a rule that applies to a specific property.

hashtag
Write a rule for a specific property

The following example adds code to retrieve the unique value for a given property. This is then used to create a rule that only prevents writing to that property.

Workspace Context

The next example will adjust the rule so it only prevents writing on a specific culture.

hashtag
Write a rule for a specific property or a specific variant

The following example shows how you can make your rule very specific by targeting a property and a VariantID.

Adjusting the rule for the Workspace Context:

You are in charge of the combination, from targeting everything to targeting a specific property on a specific variant. The last combination purely targets a variant. This means that all properties with values of that variant is also available.

PreviousProperty Dataset ContextNextIcons

Last updated

Was this helpful?