Is there a method to limit the fields displayed in a response by user role? For instance, I have a user/role that I don’t want them to see certain fields like Id, OwnerId, etc…
You can create a post-process server side script that checks the user role id before allowing those fields to be returned.
var result = platform.api.get("user/session");
if (result.role_id === 4 || result.role_id === 7) {
if (event.response.record) {
_.each(event.response.record, function(record) {
delete record.id;
});
}
}
https://github.com/dreamfactorysoftware/dsp-core/wiki/Server-Side-Scripting
Another way would be to write a pre-process script that changed the “fields” parameter based on role id. That would be faster than looping through every record to remove fields.
var result = platform.api.get("user/session");
if (result.role_id === 4 || result.role_id === 7) {
// remove unwanted fields from event.request.body.fields
}