Skip to main content

Role-Based Field-Level Security (FLS)

Learn how to use Field-Level Security (FLS) to control data visibility and hide sensitive information like carrier costs or account numbers from specific user roles.

What is Field-Level Security?

Field-Level Security (FLS) lets you control which data fields are visible to specific user roles in your Logiwa IO account. For example, you can allow your client users to view shipment orders without seeing carrier rates or shipping costs.

In the app, this is managed through Restrictions — ready-made sets that Logiwa defines (such as "Carrier Cost" or "Carrier Account Data"). You turn a Restriction on or off for a role, rather than picking individual fields.

💡 One Switch, Full Protection: A single toggle protects the data everywhere it appears: on screens, in API responses, and in Excel exports.

Restrictions apply across:

  • Screens and grids: Restricted columns don't appear in the grid or in column selectors.

  • Filters: Restricted fields are removed from filter options.

  • API responses: Restricted fields return no value in API calls.

  • Excel exports: either hidden entirely or left blank, depending on the template (see details below).

By default, all fields are visible to all roles. FLS only restricts what you explicitly configure.

Key Concepts

  • Restriction: A ready-made, named set of related fields that you can hide from a role. You don't create or edit Restrictions; you simply apply them to roles.

  • Role: A user type defined in your account (Settings → Users & Roles → Roles).

How Multiple Roles Work:

  • If a user's role has a Restriction applied, those fields are hidden.

  • Most Restrictive Wins: If a user has multiple roles and any of them includes a Restriction, the field is hidden from that user.

  • Roles with no Restrictions applied see all fields as normal.

Who Can Set Up Restrictions?

Right now, only your account's Owner user can configure restrictions — even other admin users cannot access this yet.

  • Don't know who your Owner is? Contact Logiwa Support, and we can complete the setup for you.

  • Looking ahead: Starting next month (August 2026), Owners will be able to delegate this setup permission to other roles.

Setting Up Restrictions

Option A: For One Role

  1. Go to Settings → Users & Roles → Roles.

  2. Find the role you want to configure, click the ⋯ (three dots) at the end of the row, and select Manage Restrictions.

  3. In the right-hand panel, check the Restriction(s) you want to apply.

  4. (Optional) Click the (i) info icon, then select Show Restricted Fields to preview the exact screens and fields covered.

  5. Click Save.

Option B: For Multiple Roles at Once

  1. In the Roles list, select two or more roles using the checkboxes on the left.

  2. Click the Manage Restrictions button at the top right.

  3. Review the Attention notice: saving here will overwrite all existing restriction settings for all selected roles.

  4. Select the Restriction(s) to apply and click Save.

When you click Show Restricted Fields, you will see the exact list of hidden fields:

Available Restrictions

Layer: G=UI Grid | A=API (GET/POST/PUT) | X=Excel Export

Restriction

What It Hides (In-App Description)

Carrier Cost

Hides shipping rates, carrier fees, and related cost information.

Carrier Shipment Details

  • Shipping Cost (G, A, X)

  • Rate (G, A, X)

  • Other Cost (G, A, X)

  • Zone (G, A, X)

  • Total Cost (A)

Shipment Order

  • Rate (G, A, X)

  • Total Shipping Cost (A, X)

  • Current Shipping Cost (A)

Carrier Account Data

Hides carrier account numbers and billing details.

Shipment Order

  • Charged Account Number (G, A, X)

  • Charged Account Country Code (A)

  • Charged Account Postal Code (A)

  • Int Charged Account Country Code (A)

  • Int Charged Account Postal Code (A)

  • Is Manual Charged Account (A, X)

  • Is Manual Int Charged Account (A, X)

  • Int Charged Account Number (A)

Rate Shopping Data

Hides rate shopping usage and selected shipping options.

Carrier Shipment Details

  • Is Rate Shopping (G, A, X)

  • Rate Shopping Shipping Option Name (G, A, X)

You can track which roles have active limits by looking at the Restrictions column in your Roles list, where applied restrictions appear as colored tags.

Excel Exports and Restrictions

Restricted fields are handled in two ways depending on the export type:

  • Standard Exports (e.g., Carrier Shipment Details): These only include columns currently visible in your grid. Since restricted fields are hidden from your screen, they are completely absent from the Excel file.

  • Fixed Template Reports (e.g., Shipment Order): These reports use a rigid layout. The column header will still appear in the file, but the cells will be left blank for restricted users. This is expected behavior, not a missing-data error.

Frequently Asked Questions (FAQ)

Can I select individual fields instead of the whole Restriction?

No, and this is intentional. Fields like Shipping Cost and Rate must be hidden together to protect your margins. Grouping fields ensures that a single toggle consistently protects data across screens, APIs, and exports without requiring complex, field-by-field maintenance.

What if a user has two roles with different restrictions?

The most restrictive setting wins. If Role A hides carrier costs and Role B allows them, a user holding both roles will not see carrier costs.

Can my client users see that fields are being hidden?

No. Restricted fields are completely absent from column selectors, filters, and sort options. There is no error message or visual indicator showing that data is hidden.

How does this affect API and Open API integrations?

It affects both reads (GET) and writes (POST/PUT):

  • GET Requests: Restricted fields return null (The field key remains so your integration won't break, but no data is exposed.)

  • POST/PUT Requests: If an integration payload sends an actual value for a restricted field, the system blocks it with an HTTP 403 (FIELD_ACCESS_DENIED) error. Leaving the field blank, passing null, or omitting it entirely allows the request to succeed.

Coming in Future Updates

We are continuously expanding FLS. The following capabilities are coming soon:

  • Permission Delegation – Allowing Owners to hand over FLS management to other roles.

  • Form Field Hiding – Disabling fields and hiding information on creation and edit forms, not just grids.

  • General Enhancements – Future updates will look into expanding security coverage across other platform data fields as needed.

Did this answer your question?