Managing Access Controls for Custom Fields in Aurora

Khoros Communities Aurora allows administrators to define custom fields for various entity types—such as users, categories, forums, and ideas—to capture additional, community-specific metadata. Each custom field includes an access control definition that governs who can read or write to the field based on roles and permissions.

This guide explains how access controls work for custom fields and outlines the permission model across entity types.

Access Control Basics

Each custom field definition includes an access section with the following actions:

  • read: Specifies who can view the field's value.
  • write: Specifies who can set, update, or remove the field's value.

If no access section is provided, Aurora applies default values based on the entity type.

Access Control Levels

Custom fields support the following access levels for both read and write actions:

  • PUBLIC: Anyone can access the field.
  • REGISTERED: Only signed-in community users can access the field.
  • PRIVATE: Access is restricted based on specific roles and permissions.
  • ADMINISTRATOR: Only users with administrative-level permissions can access the field.

Role-Based Access Matrix

The table below outlines how read and write permissions work for custom fields across entity types, based on their access level.

NOTE
Use role-based permissions in Admin Settings > Permissions to manage which users can access custom fields.

Entity Type: *Any Type | Access Type: PUBLIC
Who Has Access (Read): Anyone
Who Has Access (Write): Anyone

Entity Type: *Any Type | Access Type: REGISTERED
Who Has Access (Read): Any registered community user who is signed into the community.
Who Has Access (Write): Any registered community member who is signed into the community.

Entity Type: USER | Access Type: PRIVATE
Who Has Access (Read): One of the following:
  • The user the custom field is being read for.
  • A member who has been granted access by the user to view their personal data.
  • A member who has been added to a Role that has been granted the "Manage roles and bans in admin & member profiles" (manageMembers) permission.
Who Has Access (Write): One of the following:
  • The member the custom field is being written for.
  • A member who has been added to a Role that has been granted the "Manage roles and bans in admin & member profiles" (manageMembers) permission.

Entity Type: USER | Access Type: ADMINISTRATOR
Who Has Access (Read): Only a member who has been added to a Role that has been granted the "Manage roles and bans in admin & member profiles" (manageMembers) permission.
Who Has Access (Write): Only a member who has been added to a Role that has been granted the "Manage roles and bans in admin & member profiles" (manageMembers) permission.

Entity Type: COMMUNITY | Access Type: PRIVATE
Who Has Access (Read):
  • Prior to 25.4: Anyone
  • 25.4+: Only a member who has been added to a Role that has granted them the "Edit community settings" (editCommunity) permission.
Who Has Access (Write): Only a member who has been added to a Role that has granted them the "Edit community settings" (editCommunity) permission.

Entity Type: COMMUNITY | Access Type: ADMINISTRATOR
Who Has Access (Read): Only a member who has been added to a Role that has granted them the "Edit community settings" (editCommunity) permission.
Who Has Access (Write): Only a member who has been added to a Role that has granted them the "Edit community settings" (editCommunity) permission.

Entity Type: CATEGORY | Access Type: PRIVATE
Who Has Access (Read): Only a member who has been added to a Role that has granted them the "See categories" (readCategory) permission.
Who Has Access (Write): Only a member who has been added to a Role that has granted them the "Edit category settings" (editCategory) permission.

Entity Type: CATEGORY | Access Type: ADMINISTRATOR
Who Has Access (Read): Only a member who has been added to a Role that has granted them the "Edit community settings" (editCommunity) permission.
Who Has Access (Write): Only a member who has been added to a Role that has granted them the "Edit community settings" (editCommunity) permission.

Entity Type: GROUP_HUB | Access Type: PRIVATE
Who Has Access (Read): Only a member who has been added to a Role that has granted them the "See groups" (readGroupHub) permission.
Who Has Access (Write): Only a member who has been added to a Role that has granted them the "Edit groups in Community Settings" (adminGroupHub) permission.

Entity Type: GROUP_HUB | Access Type: ADMINISTRATOR
Who Has Access (Read): Only a member who has been added to a Role that has granted them the "Edit community settings" (editCommunity) permission.
Who Has Access (Write): Only a member who has been added to a Role that has granted them the "Edit community settings" (editCommunity) permission.

Entity Type: FORUM | Access Type: PRIVATE
Who Has Access (Read): Only a member who has been added to a Role that has granted them the "See boards" (readBoard) permission for this Forum Board.
Who Has Access (Write):
  • If creating a new Forum Board, the caller must have been added to a Role that has been granted the "Create Boards" (createBoard) permission in the Board's Container Node.
  • If updating an existing Forum Board, the caller must have been added to a Role that has been granted the "Edit board settings" (editBoard) permission.

Entity Type: FORUM | Access Type: ADMINISTRATOR
Who Has Access (Read): Only a member who has been added to a Role that has been granted the "Edit community settings" (editCommunity) permission.
Who Has Access (Write): Only a member who has been added to a Role that has been granted the "Edit community settings" (editCommunity) permission.

Entity Type: FORUM_TOPIC | Access Type: PRIVATE
Who Has Access (Read): Only a member who has been added to a Role that has been granted both the "See boards" (readBoard) and "Read discussions and content" (readContent) permissions.
Who Has Access (Write):
  • If creating a new Forum Topic, the caller must have been added to a Role that has been granted the "Start discussions and new content" (createTopLevelContent) permission.
  • If editing a Forum Topic, the caller must be one of the following:
    • The author of the topic message, with a Role that has been granted the "Edit own posts" (editOwnContent) permission.
    • A member with a Role that has been granted the "Edit any post" (editContent) permission.

Entity Type: FORUM_TOPIC | Access Type: ADMINISTRATOR
Who Has Access (Read): Only a member who has been added to a Role that has been granted the "Edit community settings" (editCommunity) permission.
Who Has Access (Write): Only a member who has been added to a Role that has been granted the "Edit community settings" (editCommunity) permission.

Entity Type: FORUM_REPLY | Access Type: PRIVATE
Who Has Access (Read): Only a member who has been added to a Role that has been granted both the "See boards" (readBoard) and "Read discussions and content" (readContent) permissions.
Who Has Access (Write):
  • If creating a new Forum Reply, the caller must have been added to a Role that has been granted the "Reply to discussions and content" (replyToContent) permission.
  • If editing a Forum Reply, the caller must be one of the following:
    • The author of the reply message, if they have been added to a Role that has been granted the "Edit own posts" (editOwnContent) permission.
    • A member who has been added to a Role that has been granted the "Edit any post" (editContent) permission.

Entity Type: FORUM_REPLY | Access Type: ADMINISTRATOR
Who Has Access (Read): Only a member who has been added to a Role that has been granted the "Edit community settings" (editCommunity) permission.
Who Has Access (Write): Only a member who has been added to a Role that has been granted the "Edit community settings" (editCommunity) permission.

Entity Type: BLOG | Access Type: PRIVATE
Who Has Access (Read): Only a member who has been added to a Role that has granted them the "See boards" (readBoard) permission for this Blog Board.
Who Has Access (Write):
  • If creating a new Blog Board, the caller must have been added to a Role that has been granted the "Create Boards" (createBoard) permission in the Blog's Container Node.
  • If updating an existing Blog Board, the caller must have been added to a Role that has been granted the "Edit board settings" (editBoard) permission.

Entity Type: BLOG | Access Type: ADMINISTRATOR
Who Has Access (Read): Only a member who has been added to a Role that has been granted the "Edit community settings" (editCommunity) permission.
Who Has Access (Write): Only a member who has been added to a Role that has been granted the "Edit community settings" (editCommunity
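
The read column of the matrix above, written as a small reference evaluator for checking expected access in tests. This is an added example, not Khoros code: the field and caller dictionary shapes, the `can_read` name and the sample data are assumptions. Write-side rules and node scoping of permissions are not modelled.

```python
# Added example: read side of the access matrix as a reference evaluator.
# Dict shapes are assumed for illustration; they are not Aurora's schema.
# Caller permissions are assumed to be already resolved for the node being read.

# PRIVATE read: permissions the caller's roles must ALL grant, per entity type.
PRIVATE_READ = {
    "COMMUNITY": {"editCommunity"},           # 25.4+; anyone on earlier versions
    "CATEGORY": {"readCategory"},
    "GROUP_HUB": {"readGroupHub"},
    "FORUM": {"readBoard"},
    "BLOG": {"readBoard"},
    "FORUM_TOPIC": {"readBoard", "readContent"},
    "FORUM_REPLY": {"readBoard", "readContent"},
}

def can_read(field, caller, version, owner_id=None, owner_grants=()):
    """Return True if `caller` may read `field` on Aurora `version`, e.g. (25, 4).

    owner_id / owner_grants apply to USER fields only: the member the field
    belongs to, and the ids that member has allowed to view personal data.
    """
    level = field["access"]["read"]
    etype = field["entityType"]
    perms = caller.get("permissions", set())
    cid = caller.get("id")                    # None means not signed in
    if level == "PUBLIC":
        return True
    if level == "REGISTERED":
        return cid is not None
    if level == "ADMINISTRATOR":
        # Every non-USER row shown in the matrix requires editCommunity.
        return ("manageMembers" if etype == "USER" else "editCommunity") in perms
    if level != "PRIVATE":
        raise ValueError(f"unknown access level: {level!r}")
    if etype == "USER":
        is_owner_or_granted = cid is not None and (cid == owner_id or cid in owner_grants)
        return is_owner_or_granted or "manageMembers" in perms
    if etype == "COMMUNITY" and version < (25, 4):
        return True                           # pre-25.4 behaviour: anyone
    return PRIVATE_READ[etype] <= perms       # KeyError for types not modelled

# Constructed sample data.
ANON = {"id": None, "permissions": set()}
READER = {"id": 7, "permissions": {"readBoard"}}
ADMIN = {"id": 1, "permissions": {"editCommunity", "manageMembers"}}
COMMUNITY_FIELD = {"name": "c_sample", "entityType": "COMMUNITY",
                   "access": {"read": "PRIVATE", "write": "ADMINISTRATOR"}}
TOPIC_FIELD = {"name": "c_topic", "entityType": "FORUM_TOPIC",
               "access": {"read": "PRIVATE", "write": "PRIVATE"}}
```

Running the same COMMUNITY PRIVATE field through versions (25, 3) and (25, 4) with an anonymous caller shows the behaviour change that matters when reviewing fields created before 25.4.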