Guest Get/Update only specific columns in table


#1

Hi,
the Guest can Get/Update only a specific table (already implemented via role)
But is it possible that the guest can only see (Get) and update specific columns of this table?

Thanks in adavance for your help!


#2

You can’t configure a role for field-level permissions. But you can write a server side script that only allows certain fields based on the current role. See here for some examples.

https://github.com/dreamfactorysoftware/dsp-core/wiki/Server-Side-Scripting

You could have a script for get.pre_process that changes the ‘fields’ param for the query based on role.

Basic steps would be:

pre_process script gets role for current user
pre_process script removes disallowed fields from the request based on role
GET completed with possibly modified fields