Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

Restricting Access to Specific User Fields

Written By

Liferay Support

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided"as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

This article documents how to restrict access to specific fields for certain users in the Liferay platform. For example, there may be the need to set the email address field for users as read-only. This can be accomplished through overriding the default behavior in the platform. 

Resolution

Their are numerous portal properties that can be used to configure the platform to restrict access for certain users to their user fields. They are:

  1. field.editable.user.types=user-with-mx,user-without-mx

    Input a list of comma delimited user types. Users that match one of these user types have permission to edit all of their own fields. Valid user types are "user-with-mx" and "user-without-mx". A value of "user-with-mx" is a user who has an email address that matches the company mail suffix, and "user-without-mx" is a user who does not have an email address that matches the company mail suffix.

  2. field.editable.roles=administrator

    Input a list of comma delimited role names. Users associated with one of these roles have permission to edit all of their own fields.

  3. field.editable.domains=

    Input a list of comma delimited domain names. Users with an email address that match one of these domain names have permission to edit all of their own fields.

  4. field.editable.domains[birthday]=

field.editable.domains[emailAddress]=

field.editable.domains[firstName]=

field.editable.domains[gender]=

field.editable.domains[jobTitle]=

field.editable.domains[lastName]=

field.editable.domains[middleName]=

field.editable.domains[portrait]=

field.editable.domains[prefix]=

field.editable.domains[screenName]=

field.editable.domains[suffix]=

    Input a list of comma delimited domain names. Users with an email address that match one of these domain names have permission to edit the specified field.

For example, if the use-case is to restrict the users' ability to edit their own email address, the following steps could be taken:

  1. The first property that must be set in the portal-ext.properties is field.editable.user.types=. This property must be set to 'blank'having nothing after the equal sign. This makes it so that no user will be able to edit anything in his or her account.
  2. Since it is desired to only limit the users in editing their email address, permission must be given to edit the other fields besides the email address field. That is why all of the following properties must be set. For example, if your domain is test.com, please be sure to use your email suffix, which in this case would be test.com. Please find an example of this below: 
    field.editable.user.types=

field.editable.domains[birthday]=test.com

field.editable.domains[emailAddress]=

field.editable.domains[firstName]=test.com

field.editable.domains[gender]=test.com

field.editable.domains[jobTitle]=test.com

field.editable.domains[lastName]=test.com

field.editable.domains[middleName]=test.com

field.editable.domains[portrait]=test.com

field.editable.domains[prefix]=test.com

field.editable.domains[screenName]=test.com

field.editable.domains[suffix]=test.com
Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?