ConfiForms permissions model is described on Confluence page permissions and ConfiForms page. Please read it first to understand this tutorial better.
As you know, each record stored in ConfiForms has an owner (or no owner, if it was created by anonymous user). In general, users are allowed to see and change the records they have created.
Record ownership is stored in the ownedBy metadata field (multi-value holding field) that is present in each ConfiForms record - Documentation
By default they can also see the records stored by others, but this can be disabled by using the following option in ConfiForms Form Definition macro
As you may also know, each form has form administrators/superusers, who can manage any record in the form's dataset. But they still may not edit/see fields if they are restricted with
(ConfiForms Field Definition macro)
Sometimes, however, you want to restrict the record to be visible only to form administrators, and not even to the user who has created it
That could be done by adding the following IFTTT, and updating the record's ownership
You can update the ownership to "empty" value or to some admin account (for example, the main owner of the form)
You place the IFTTT inside the ConfiForms Form Definition macro, as usual
And configure it like this (here we reset the ownership to nobody, which makes it invisible to the ones who have created the record. Please remember to check the option mentioned in the beginning of the article)
Please be aware that the attachments stored on the page, if your form is set up to allow file uploads, cannot be made secure this way. As Atlassian does not support setting up access restrictions on the attachments individually. The best way to make attachments "private" (aka secure) is to use the following option on the ConfiForms Form Definition macro
(server/data center only at the moment) |
