Restrict view access of a (Maniphest) Task field to only a specific group of users?

#1

For example, I have an Approver select (dropdown) field that is part of the form when I create a new Task. I want only a specific group of people to be able to see this Approver field when someone creates a new Task or edits the Task. Is there any way to accomplish this?

#2

Anyone have an idea about how to do this?

#3

There might be another way but the only way I know of off hand is to create multiple forms that duplicate every field except the ones you want only visible to specific users. Make the more advanced form only visible to those specific users and give it a higher priority than the other form. Users outside of the group will use the first form they can, the specific group will use the specific form.

You might want to read this page and search it for “basic and advanced workflows”

#4

Thanks for responding. Unfortunately, we tried that solution but found that even after using using “Custom Policy” and setting the form to a few select users, the field is still visible to all admin users on our site as well as those users that were specifically whitelisted. Is there any way to hide the field from users that happen to be admins that aren’t on the whitelist as well?

#5

So this is rather interesting. I just tried to confirm this behavior on https://test-katc6i3xhsmv.phacility.com

When configured correctly (new form visible only to “members of the project: test” it seems like my default edit form is the public form, however if i manually change the link when editing, i can still use the other form that shouldn’t be visible.

#6

Phabricator does not support field-level visibility permissions. Although you may be able to get part of the way there by fiddling with Create/Edit forms, users will still have access to the field in many ways (the timeline saying “Administrator set field value X to Y”; the API; “Export to Excel”, searching for tasks with the field value, and so on).

You can probably write a custom field which is viewer-aware, but this is a large amount of work and you’re mostly on your own in terms of figuring out how to do it.