Set the permissions and visibility of fields

Set permissions on fields to increase the security of sensitive information. Workflow owners and editors can choose to set any and every field with a different level of security to restrict access to any stored information.

There are 4 levels of field permissions:

  • Public: Field values are visible to anyone interacting with this instance
  • Internal: Field values are hidden from non-team members
  • Confidential: Field values are hidden from everyone except admins and designated users
  • Highly Confidential: Field values are hidden from everyone except designated users. Examples may include social security numbers or salary information.

How to set the permissions for a field

  1. From the Workflow Settings page, select your steps under Actions
  2. Select a task, then select an existing field or Add a Field. Here is an example, of the fields section of an Assign Task to a Person action.

    screen readers look here
  3. Select the advanced tab, then select Permissions.

    screen readers look here
  4. Select the field’s permission level, then if necessary, select the users who should have access to view the field.
  5. Select .

How to apply field permissions retroactively

You can change the field permissions in a Workflow and automatically change the permissions for that field for every instance that has ever run, even if it has completed.

screen readers look here

Toggle on Apply permissions retroactively to apply a default permission level to all fields in all active or completed instances of this Workflow.

⚠️ Heads-up: This does not apply to any draft versions of a Workflow. Only data from the published Workflow version is updated.

How to set default field permissions for a Workflow

Set the default field permissions within a Workflow for all fields added in the future, including those that are added by automated tasks during an instance.

For example, if you’re making a Workflow that processes confidential information, you can set the default permissions for the Workflow before you add actions and save time not changing each field individually.

  1. Select Workflows from the top navigation bar.
  2. Select a Workflow, this will open the Workflow detail page.
  3. Select in the upper-right corner to get to the Workflow Settings page.
  4. Scroll down to the Security section, and click to expand it.

    This is an example of the Workflow permissions screen
    screen readers look here
  5. Set the Default Field Permission level, then if necessary, select the users who should have access to view the field.

How to set default field permissions retroactively

You can change the default field permissions in a Workflow and automatically change the permissions for all fields for every instance that has ever run, even if it has completed. This will only set default permissions for fields that did not have a specific field permission applied within the field’s permission.

Toggle on Apply field permissions retroactively to apply a default permission level to all fields in all active or completed instances of this Workflow.

  1. Set the Default Field Permission level you wish to apply to all past fields.
  2. Select
screen readers look here

💡Tip: If a Workflow begins handling confidential information but the fields are not set as confidential, changing the Workflow’s default field permissions and applying the permissions retroactively is a quick way to change all fields to confidential.

Get help with a problem or question

If something’s not working as expected, or you’re looking for suggestions, check through the options below.

Is the confidentiality level of a field visible to users?

A field’s permission level will not be displayed to a user or team member in a task or web form.

It may be helpful to add “CONFIDENTIAL” to the field or include its confidentiality in the instructions or description if necessary.

How do I set unique permissions for fields created via actions?

If some fields created via actions need to have specific permissions and other fields need to be public, there are a couple of options to set these permissions dynamically:

  • Set the default permissions for the Workflow, then create a new field for each public field and then reference the output field of the actions in the default value. The newly created field can be configured as desired.

  • Do not set default permissions for the template. Create a subprocess to contain the actions which require permissions and set default permissions for the subprocess.