Skip to main content

Access Control for Custom Fields

Eugenia Gueorguieva
  • Updated

Overview

The Access Control for Custom Fields feature gives Administrators the ability to define who can view and edit individual custom fields or custom field groups.

This enhancement extends the existing Custom Fields functionality by introducing visibility and editing permissions.

Access control ensures that confidential or sensitive information (such as financial or referral details) is only visible to authorized users or groups, giving you granular control over field-level permissions.

Key Benefits

  • Enhanced Security: Restrict access to sensitive fields like settlement amounts, referral sources, or financial data 
  • Role-Based Control: Grant access based on user groups, matter team membership, or individual users
  • Flexible Permissions: Apply different access rules to different fields based on your firm's needs 
  • Group-Level Control: Set access rules for entire Custom Field Groups for easier management

How Access Control Works 

When you create or edit a custom field, you can define who has permission to view and edit that field. Users without access will not see the field or its data anywhere in the system—including detail pages, lists, exports, dashboards, reports, or search results.

When access control is set at the group level, it overrides and disables field-level settings for all fields in that group.

Where to Configure Access Control

  1. Navigate to Account Settings > Properties.
  2. Select the appropriate section.
  3. Create or edit a Custom Field or Custom Field Group.
  4. Under the Rules section, find “People with view and edit access to this field.” This determines who can see and modify the field.
  5. If applicable, select users, teams, or groups using the multi-select dropdown.
  6. Click Save to apply the rule.

Available Access Control Options

  • All Users (default) - All active users can view and edit this field 
  • All Users Except - All users except specific individuals you select 
  • Selected Users - Only specific users you choose 

  • Group Members Only - Only members of specific user groups you select, with optional exclusions

     

    Note: When defining a rule for a Custom Field Group, that rule applies to all fields within the group.

     

How Access Rules Are Enforced

Access rules interact with existing role-based and matter-based permissions:

  • Users without access to a field or group cannot see or edit the field or its data anywhere in the system.
  • Hidden data will not appear in:
    • Entity pages (View, Edit, and Details popups)
    • List views (cells appear blank for unauthorized users)
    • Exports and custom reports
    • Global or contextual search results
    • Dashboards and widgets

Even if a user has Matter Access, they must also meet the custom field’s access criteria in order to see the field.

Auditing and Security

  • All access rule changes (create, update, delete) are logged in the Audit Trail, including:
  • Access rules are also enforced in:
    • APIs (GET, POST, PATCH, DELETE)
    • Reports and dashboards
    • Multi-tenant environments (cross-tenant access is blocked)

FAQs

Q: Do users without access still see the field name?
No. The field or group is completely hidden from unauthorized users.

Q: Can I apply different rules to individual fields within a group?
No. Once an access rule is applied to a Custom Field Group, it becomes the authoritative rule for all fields within that group. Field-level access settings are disabled to maintain consistency.

Q: Are access rules enforced via API and reports?
Yes. All integrations, reports, and exports respect access control settings.

Q: What happens if a user is added or removed from a group that has access to a custom field?
Access updates automatically. If a user is removed from a group, they immediately lose access to any fields governed by that group’s rule. Similarly, if they are added to a group with access, visibility is granted instantly.

Q: Can external or portal users be given access to specific custom fields?
Yes. External or ClarraView users can be granted access, provided they:

  1. Belong to the same tenant where the field is defined, and

  2. Meet the specific access rule (for example, group membership or user inclusion).

If either condition isn’t met, they will not see the field.

 

Related articles

Comments

0 comments

Article is closed for comments.