This article documents how to restrict access to specific fields for certain users in the Liferay platform. For example, there may be the need to set the email address field for users as read-only. This can be accomplished through overriding the default behavior in the platform.
Resolution
There are several portal properties that can be used to configure the platform to restrict which users can edit their own user fields. They are:
- field.editable.user.types=user-with-mx,user-without-mx
  Input a list of comma delimited user types. Users that match one of these user types have permission to edit all of their own fields. Valid user types are "user-with-mx" and "user-without-mx". A value of "user-with-mx" is a user who has an email address that matches the company mail suffix, and "user-without-mx" is a user who does not have an email address that matches the company mail suffix.
- field.editable.roles=administrator
  Input a list of comma delimited role names. Users associated with one of these roles have permission to edit all of their own fields.
- field.editable.domains=
  Input a list of comma delimited domain names. Users with an email address that matches one of these domain names have permission to edit all of their own fields.
- field.editable.domains[birthday]=
  field.editable.domains[emailAddress]=
  field.editable.domains[firstName]=
  field.editable.domains[gender]=
  field.editable.domains[jobTitle]=
  field.editable.domains[lastName]=
  field.editable.domains[middleName]=
  field.editable.domains[portrait]=
  field.editable.domains[prefix]=
  field.editable.domains[screenName]=
  field.editable.domains[suffix]=
  Input a list of comma delimited domain names. Users with an email address that matches one of these domain names have permission to edit the specified field.
For example, if the use-case is to restrict the users' ability to edit their own email address, the following steps could be taken:
- The first property that must be set in portal-ext.properties is field.editable.user.types=. This property must be left blank, with nothing after the equal sign. This makes it so that no user will be able to edit anything in his or her account.
- Since the goal is only to stop users from editing their email address, permission must be given to edit the other fields besides the email address field. That is why all of the following properties must be set. Be sure to use your own email suffix as the value; for example, if your domain is test.com, the value would be test.com. An example follows:
  field.editable.user.types=
  field.editable.domains[birthday]=test.com
  field.editable.domains[emailAddress]=
  field.editable.domains[firstName]=test.com
  field.editable.domains[gender]=test.com
  field.editable.domains[jobTitle]=test.com
  field.editable.domains[lastName]=test.com
  field.editable.domains[middleName]=test.com
  field.editable.domains[portrait]=test.com
  field.editable.domains[prefix]=test.com
  field.editable.domains[screenName]=test.com
  field.editable.domains[suffix]=test.com
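
To check a portal-ext.properties file before deploying it, the rules described above can be modeled in a short script. This is an added example, not Liferay code: it is a simplified model of the rules as this article states them, and the function names, the case-insensitive comparison of role and domain names, and the exact-match test against the company mail suffix are assumptions.

```python
# Added example: a simplified model of the field.editable.* rules as this
# article describes them. It is not Liferay's implementation.
FIELDS = ["birthday", "emailAddress", "firstName", "gender", "jobTitle",
          "lastName", "middleName", "portrait", "prefix", "screenName", "suffix"]

def parse_properties(text):
    """Parse key=value lines; a blank value becomes an empty list."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = [v.strip().lower() for v in value.split(",") if v.strip()]
    return props

def editable_fields(props, email, roles, company_mx):
    """Return the set of own fields this user may edit under the described rules."""
    domain = email.rsplit("@", 1)[-1].lower()
    # Assumption: "matches the company mail suffix" means an exact domain match.
    user_type = "user-with-mx" if domain == company_mx.lower() else "user-without-mx"
    # Any of the three global properties grants edit rights on every field.
    if (user_type in props.get("field.editable.user.types", [])
            or {r.lower() for r in roles} & set(props.get("field.editable.roles", []))
            or domain in props.get("field.editable.domains", [])):
        return set(FIELDS)
    # Otherwise only the per-field domain lists apply.
    return {f for f in FIELDS
            if domain in props.get("field.editable.domains[%s]" % f, [])}

# Constructed sample: the article's example configuration for domain test.com.
SAMPLE = "field.editable.user.types=\n" + "\n".join(
    "field.editable.domains[%s]=%s" % (f, "" if f == "emailAddress" else "test.com")
    for f in FIELDS)

if __name__ == "__main__":
    props = parse_properties(SAMPLE)
    # Constructed user: alice@test.com with a non-privileged role.
    print(sorted(editable_fields(props, "alice@test.com", ["User"], "test.com")))
```

Under this model, a test.com user can edit every listed field except emailAddress with the article's configuration. If the same file also set field.editable.roles=administrator, a user holding that role could still edit the email address.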