Making a Field "Read-Only" for Certain Users

Overview

Role Management gives Sugar administrators the option to set module-level and/or field-level permissions and access for users. One such option is to make a particular field "read-only". Making a field "read-only" ensures that users assigned to the role can see the field in all views but are not able to modify it. This article covers how to create a role in order to restrict a user to have read-only access to a field.

For more information regarding the various features afforded by roles, please refer to the Role Management documentation. In addition, please refer to the Introduction to Roles article for more information on roles and using roles for field-level access control.

Use Case

In this example, we will create a role where the Account module's Email Address field is set to "read-only", then assign the role to a user named Sally.

Prerequisites

You must be an administrator or have Admin & Developer-level role access to create and assign roles as covered in this article. 

Steps to Complete

Creating the Role

First, we will create a new role with the Account module's Email Address field set to "Read Only".

1. Navigate to Admin > Role Management.
2. Select "Create Role" from the Roles module tab's three-dots menu.
   
3. Provide a role name of your choosing and a brief description of the role's purpose. Click "Save".
   
4. In the role's detail view, click on the desired module (e.g., Accounts) in the left pane to view its fields.
   
5. Click the value next to the Email Address field and choose "Read Only".
   
6. Click "Save" to confirm your settings.

Assigning Users to the Role

 Now we will assign the desired user (e.g., Sally) to the newly created role.

1. While still viewing the newly created role, scroll down to the Users subpanel.
2. Click "Select User" then find and select the desired user, Sally.
   

Sally will now appear in the role's Users subpanel. When viewing Sally's user record via Admin > Users, you will also see this role and its restrictions, combined with any other assigned role's restrictions, in the Access tab.

Note: You can also assign a role to a user via the Roles subpanel under the Access tab in the Users module. 

Application

When Sally next logs into Sugar, she will be able to view the account records' email addresses, but will no longer be able to edit the values in the field.