Tip #34: Hide sensitive fields with field-level security in Qntrl's cards

Tip #34: Hide sensitive fields with field-level security in Qntrl's cards




With Cards in Qntrl, you can create tasks wherein an individual user or team can refer information about the task and ensure everyone with access to the card is well-informed about the card details. However, it can certainly be possible that not all card details need to be accessible to all users in the organization.
 
To ensure that the sensitive and private details are not shared with all user profiles (who have access to the card), you can restrict the level of access for users in your organization. Fields can be moderated on what the user can access, read, and edit based on the profile. 

Who can do this?
Any user with access to Settings in their Qntrl account will be able to perform modifications in the Profile tab.
 
Tip!
To provide Settings permission to a profile, you can do as shown in the screenshot. Navigate to a specific profile and enable the Settings permission in order to allow the users of that profile to access Settings in their Qntrl account.




Who cannot view the fields?
The users in profiles for which the fields are hidden cannot view the fields. However, note that the profile with Admin privileges will be able to view all the fields in all forms.  
 
 
How to provide field-level permission?
Field-level permissions can be given in two ways inside Qntrl.

  1. Provide profile-based permissions  throughout the organization.
    2.  
    In this case, if fields are hidden for 'Staff' profile, all the users associated with this profile will not be able to view fields like 'Medical bills to be claimed', 'Email Id', 'Vendor Details' throughout cards of all orchestrations.
     




  2. Provide orchestration-based permission only to cards of specific orchestrations.
 
In this case, if field is hidden for 'Staff' profile, all the users associated with this profile will not be able to view field 'Medical bills to be claimed' only in 'Reimbursement Form' orchestration.

            


Which fields can be secured with 'Hide' permission?
Only custom fields can be secured with 'Hide' permission. Default fields cannot be hidden and will be visible to users throughout the organization. However, read/edit permissions are subjective to the default fields in cards.
 
You can provide field-level permissions to:
Restrict users from editing specific data entered only during a signup or onboarding process.
Hide specific custom fields in the order process workflow like ‘Invoice amount’, ’Social security number’, etc.
Provide read-only access to ‘Staff’ profile while collecting information during signup that only an admin can change.
Provide read-only access to ‘Hiring managers’ for Position and Candidate fields.
Hide minimum and maximum pay from standard employees and interviewers in the recruitment workflow.
 
If you haven’t already tried these options, before you start, enable the right permissions for each profile and specify the kind of permissions you want for users with each profile, and save your settings. This article specifically deals with ‘Hide’ permission. You can similarly use the field-level permissions for ‘Read/Write’ and ‘Read Only’ permissions.

 

Let us know how this feature is helpful in your organization. Visit our help center to get detailed insights into Qntrl and onboard faster.