Identity & Auth

Schema Permissions

Schema permissions provide field-level access control. While features control access to pages and actions, and data access scopes control which records you can see, schema permissions control which individual fields within those records are visible or editable.

How Schema Permissions Work

Every field in a FullFabric schema (profile fields, application fields, custom fields, etc.) has two permission arrays:

  • visible_by — Which roles can see this field
  • editable_by — Which roles can edit this field

These permissions apply to both the UI (fields are hidden or disabled) and the API (unauthorized changes are rejected).

Permission Values

Each permission array contains one or more role identifiers:

Value Meaning
"anyone" All authenticated users can see/edit this field
"admin" Only administrators
"staff" Any staff member (any substate)
"staff::admissions" Only staff with the admissions substate
"staff::finance" Only staff with the finance substate
"student" Students
"applicant" Applicants
"lecturer" Lecturers

Specific staff substates (e.g., staff::admissions) require an exact match — a staff member with the finance substate cannot see fields restricted to staff::admissions. General role states (e.g., staff) match any substate within that role.

What Users Experience

Staff Members

When you view a profile or application, the fields you see depend on your role:

  • Fields with visible_by: ["anyone"] are visible to all staff.
  • Fields with visible_by: ["staff::admissions"] only appear for admissions staff.
  • Fields with editable_by: ["admin"] appear as read-only for non-admin staff.

If a field is not visible to your role, it is completely hidden — not shown as disabled or empty.

Students and Applicants

Students and applicants see only fields where their role is included in visible_by. For example, an applicant filling out a form sees all fields marked visible to applicants. Internal notes fields marked visible_by: ["staff"] are hidden from applicants entirely.

Lecturers

Lecturers see fields relevant to their teaching context. Fields restricted to staff::academic or lecturer roles appear; fields restricted to staff::finance do not.

For Administrators

Configuring Field Permissions

  1. Navigate to Settings > Schemas (or the relevant schema editor).
  2. Select a schema type (profile, application, etc.).
  3. For each field, set the visible_by and editable_by values.
  4. Save. Changes take effect immediately.

Schema Types

Schema permissions are available across all entity types in FullFabric:

  • Profile schemas
  • Application form schemas
  • Journey (class/programme) schemas
  • Campus schemas
  • Course and subject schemas
  • Organization schemas
  • Event schemas
  • Contract, diploma, transcript, evaluation, and reference schemas

Feature Requirements

Managing schema permissions requires the appropriate schema features for each type:

  • {type}_schema_access — Permission to view the schema configuration
  • {type}_schema_change — Permission to modify field permissions

For example, modifying profile field permissions requires the profile_schema_change feature.

Previous
Data Access Scopes
Next
SSO / SAML