Access to app item properties

In the On-Premises edition, starting from version 2025.10, you can restrict access to viewing and editing custom fields in app item pages. For example, in the Contracts app, sales reps can view the Contract amount field in item pages, while only the department head can edit it.

Please note that restrictions for system fields can only be configured using the Restrict access to data option. For example, a user with View permissions for an app level can view all system fields in the item page.

Restrict access to custom app properties

To configure restrictions:

1. Click the gear icon next to the app name and select Access settings.
2. In the top-right corner, click Access to Item Properties.
3. Click + Add Property and select the custom field you want to restrict.
4. Click + Add and choose the object to assign permissions to:

• User, user group and orgchart item.
• System field. The Author, Executors or Subscribers property.
• App property.

5. Specify the permissions available for the selected object: View or Edit.

A user with edit permissions for a property can modify its value across multiple items using bulk editing.

6. Click Save.

How property access restrictions are applied

1. App item search.

Search is only available for accessible fields. In the advanced search window, users will not see fields they do not have access to. Unavailable properties will also not appear in the EQL search bar.

2. Data display on pages.

If restricted properties are used on pages, in reports, charts, or tables, the data will be hidden:

• When selecting parameters for building a chart or report, filters with restricted data will not be available.
• Charts configured to display restricted fields will not be rendered.
• In tables and reports, users will see empty cells instead of restricted data.

3. Data export.

When exporting app data, users can select only accessible properties. Restricted data will not be included in the export.

4. Scripts.

Access restrictions are applied only in client-side scripts. In this case:

• When accessing a restricted property, the value undefined is returned. If the script does not handle undefined, it will fail with an error.
• Search by restricted properties is not performed, so methods like .first(), .count(), .all() will return empty results. If empty value handling is not implemented, the script will fail with an error.

5. API methods.

When using API methods in apps:

• Only properties that the API token owner has read access to are returned in the response.
• When creating or updating an item, properties that the API token owner does not have permission to edit are ignored. All other data is processed according to the request.

Was this helpful?

Thanks for your feedback!

Please specify why:

Recommendations did not help meArticle is hard to understandDidn`t answer my questionContent does not match the topicOther

How we can improve it?

YesNo

Please specify whyRecommendations did not help meArticle is hard to understandDidn`t answer my questionContent does not match the topicOther

Found a typo? Select it and press Ctrl+Enter to send us feedback