Child pages
  • How to secure form data and set it visible only to form administrators

This is the documentation for ConfiForms Server/Data Center app

However, this might also work for ConfiForms cloud and in most cases it does. But please see this page to understand the differences between server and cloud versions of the ConfiForms app.

ConfiForms permissions model is described on Confluence page permissions and ConfiForms page. Please read it first to understand this tutorial better.

As you know, each record stored in ConfiForms has an owner (or no owner, if it was created by anonymous user). In general, users are allowed to see and change the records they have created.

Record ownership is stored in the ownedBy metadata field (multi-value holding field) that is present in each ConfiForms record - Documentation

By default they can also see the records stored by others, but this can be disabled by using the following option in ConfiForms Form Definition macro

As you may also know, each form has form administrators/superusers, who can manage any record in the form's dataset. But they still may not edit/see fields if they are restricted with 

(ConfiForms Field Definition macro)

Sometimes, however, you want to restrict the record to be visible only to form administrators, and not even to the user who has created it

That could be done by adding the following IFTTT, and updating the record's ownership

You can update the ownership to "empty" value or to some admin account (for example, the main owner of the form)

You place the IFTTT inside the ConfiForms Form Definition macro, as usual

And configure it like this (here we reset the ownership to nobody, which makes it invisible to the ones who have created the record. Please remember to check the option mentioned in the beginning of the article)

Please be aware that the attachments stored on the page, if your form is set up to allow file uploads, cannot be made secure this way. As Atlassian does not support setting up access restrictions on the attachments individually.

The best way to make  attachments "private" (aka secure) is to use the following option on the ConfiForms Form Definition macro

(server/data center only at the moment)



  • No labels