I. Intro
The new version of advanced permissions in Base comes with a revamped configuration page and more refined permission controls. After upgrading, you can configure permissions for views, rows (records), and columns (fields) as well as control who can copy, download, and duplicate content.
Note: Lark mobile version 7.32 or above is required to use this feature. No version requirements for the desktop app or web version.
II. Steps
Upgrade to the new version
Open the base, click Advanced Permissions in the upper-right corner, and turn on advanced permissions. An option to upgrade the advanced permissions will appear. Click Try Now to go to the new Advanced permissions page.
250px|700px|reset
Note: When you are on the new Advanced permissions page but haven't clicked Save in the lower-right corner, you can click Revert to Previous Version to go back to the old Advanced permissions page. After you have saved the new advanced permission settings, you'll be unable to go back to the old version.
250px|700px|reset
Configuration page for new advanced permissions
On the new Advanced permissions page, roles are displayed on the left, and the corresponding users and permissions are displayed on the right.
250px|700px|reset
Click Add Role on the left to add a role and configure their permission. You can also rename, duplicate, or delete existing roles.
Click a role, then configure the data and other permissions on the right-hand side. In the upper-right corner, you can click Assign Role or the profile photos of users to manage the users that are assigned to this role.
250px|700px|reset
If there are multiple roles added to advanced permissions, you can click the Change to other custom roles icon to assign the member to other roles.
250px|700px|reset
250px|700px|reset
Configure view permissions
Both the old and new versions of advanced permissions allow you to set whether a role can add, delete, or edit views. However, with the old version, users will be able to see all views in the table as long as they have view permission for the table, whereas the new version allows you to set the visibility of each view for more refined control over collaboration permissions.
Click a role and select a table on the right side. Expand the View permissions section, then set whether this role can add, delete, or edit the views as well as to whom the views are visible.
If you have selected Views only visible to users that are assigned to under Visible views, you'll be unable to select Can add, delete or edit views.
Note:
- The visibility settings don't apply to private views, which are only visible to the view owner.
- If you have set certain views to be invisible to a role in Advanced permissions, all newly created views will be invisible to that role by default. This can be manually modified if needed.
250px|700px|reset
250px|700px|reset
Configure record permissions
On the Advanced permissions page, you can set whether a role can add or delete records as well as which records can be edited or deleted.
In addition, the new version allows you to set the Records that can be edited and deleted and the Records that can be viewed for the same role. You can now set the edit and view permissions freely, without having to create multiple roles.
Click a role and select a table on the right side, then expand the Record permissions section.
250px|700px|reset
If All records is not selected under Records that can be edited, you can set which records this role can view. For instance, you can set that users can view but not edit contract records with a status of Signed.
250px|700px|reset
Configure field permissions
On the Advanced permissions page, you can select Can view all, Can add all, or Can edit all for each field separately to control data visibility and editability by field. In addition, the new version allows you to configure more custom permission settings for single option, multiple options, and attachment fields.
Configure adding, deleting, or editing permissions for single-option and multiple-option fields
With the old version, users must have manage permission for a table to be able to add, delete, or edit single option and multiple options fields in that table. The new version allows users to perform these actions as long as they have edit permission for the corresponding fields.
Click a role and select a table on the right side, then expand the Field permissions section.
250px|700px|reset
Select Custom and scroll down to Option permissions. Here, you can configure the relevant settings for the single option and multiple options fields in the table.
Note: Options in records for which the role doesn't have edit permission cannot be deleted.
250px|700px|reset
Configure download permissions for attachment fields
With the old version, all users who have view permission for attachment fields can download the attachments. The new version allows you to restrict downloads of attachments to specific roles.
Click a role and select a table on the right side, then expand the Field permissions section.
250px|700px|reset
Select Custom and scroll down to Action permissions. Here, you can see all the attachment fields in the table. By default, all roles can download the attachments. You can deselect the option to prevent users in the role from downloading the attachments.
There are also other settings in the base that determine whether users can download attachments:
- In the Others tab of advanced permissions, if Duplicate, download or print Base is not selected, then users in the role are not allowed to download anything in the base. In this case, the Can export attachments option cannot be selected.
- In the general permissions settings panel (Path: Share in the upper-right corner of the base > Permission settings , there is a setting for who can duplicate, print, and download. Users must meet this requirement and requirements for advanced permissions to be able to download attachments.
Note: Even if the option is selected, users will only be able to download attachments from attachment fields that are visible to them.
250px|700px|reset
Configure basic permissions
The new version of advanced permissions gives you more refined control over copy, duplicate, download (export), and print permissions.
Click the role and go to the Others tab. Here, you can see two options: Copy content and Duplicate, download or print Base. Both are selected by default. You can deselect them as needed.
Note: These two permissions are subject to additional restrictions in the general Permission settings panel (which is accessible by clicking Share > Permission settings in the upper-right corner of a base). Users must meet both the general permission requirements and advanced permission requirements to be able to perform the corresponding actions. For example, a role that is allowed to Copy content on the Advanced permissions page will still be unable to copy content if Who can copy content is set to Users with manage permission in the general Permission settings panel.
250px|700px|reset
III. FAQs