Skip to main content

Prerequisites

  • Access to the domain model YAML file for your project
  • Administration > Nextedy POWERSHEET > Domain Models permissions to edit configurations
  • Basic familiarity with the domain model entity type structure

Set Property-Level Permissions

Property-level permissions control whether individual fields on an entity type are visible or editable. Configure the readable and updatable flags on each property in your domain model.

Step 1: Open Your Domain Model

Navigate to Administration > Nextedy POWERSHEET > Domain Models and open the YAML file for your project.

Step 2: Add Permission Flags to Properties

For each property where you want to restrict access, add readable and updatable flags: 
domainModelTypes:
  UserNeed:
    polarionType: user_need
    properties:
      title:
        readable: true
        updatable: true
      description:
        readable: true
        updatable: true
      severity:
        readable: true
        updatable: false
      internalNotes:
        readable: false
        updatable: false
FlagTypeDefaultEffect
readablebooleantrueWhen false, the property is excluded from the data payload entirely — it is not loaded or transmitted to the client
updatablebooleantrueWhen false, the property appears in the sheet but cannot be modified by users
Setting readable: false does more than hide the column in the UI. The property is excluded from the data payload at the server level — it is never loaded or sent to the client. This provides data-level security, not just visual hiding.

Step 3: Save and Reload

Save the domain model file. Users need to reload any open Powersheet pages to pick up the updated permission settings.

Configure Administration Access

Powersheet separates administration permissions into two scopes: document configuration and domain model configuration. Each scope has independent read and write flags.
PermissionControls
document.admin.readView the sheet configuration YAML
document.admin.writeModify the sheet configuration YAML
model.admin.readView the domain model configuration YAML
model.admin.writeModify the domain model configuration YAML
diagram A user with document.admin.read but without document.admin.write can view the sheet configuration YAML but cannot save changes. The same applies independently to domain model configuration.
Grant model.admin.read broadly so engineers can inspect the domain model for reference, but restrict model.admin.write to administrators who understand the impact of model changes on existing data.

Enable Sheet-Level Read-Only Mode

The entire sheet can be set to read-only using the isReadOnly property in the sheet configuration. This prevents all editing regardless of individual property permissions.

Step 1: Open Your Sheet Configuration

Navigate to Administration > Nextedy POWERSHEET > Sheet Configurations and open the YAML file assigned to your document.

Step 2: Set the Read-Only Flag

Add isReadOnly: true at the root level of your configuration: 
isReadOnly: true
columns:
  title:
    title: Title
    hasFocus: true
  severity:
    title: Severity
The sheet enters read-only mode if any of these conditions is true:
  1. The sheet configuration has isReadOnly: true
  2. The user has the readOnly permission flag set to true
  3. The user is viewing a historical revision or baseline
You do not need to set all three — any single condition is sufficient.

Restrict Individual Columns

Beyond property-level permissions in the domain model, you can also enforce read-only on specific columns in the sheet configuration using the isReadOnly column property: 
columns:
  title:
    title: Title
    hasFocus: true
  severity:
    title: Severity
    isReadOnly: true
  chapter.title:
    title: Chapter Title
    isReadOnly: true
This is useful when a property should be editable in one sheet configuration but read-only in another. The domain model updatable flag applies globally across all sheets, while the column-level isReadOnly applies only to the specific sheet configuration.
ApproachScopeDefined In
updatable: false on propertyAll sheets using this domain modelDomain model YAML
isReadOnly: true on columnSingle sheet configurationSheet configuration YAML
isReadOnly: true at rootEntire sheetSheet configuration YAML
readOnly user flagPer userServer-managed permissions

Configure Navigation Property Permissions

Relationships in the domain model define navigation properties using direct and back directions. Each direction can carry its own permission settings, independent of the target entity type: 
relationships:
  - from: UserNeed
    to: SystemRequirement
    cardinality: many-to-many
    storage: linkedWorkItems
    linkRole: decomposes
    direct:
      name: systemRequirements
    back:
      name: userNeeds
The direct navigation property (from source to target) and back navigation property (from target to source) can each have permission settings that control whether users can traverse and modify the relationship from that direction.
Navigation property permissions are under active development. The exact flags and their behavior may change. Test permission settings in a non-production project before deploying.

Combine Permission Layers

A practical configuration combines multiple permission layers. Here is a complete example that restricts a SystemRequirement entity so that severity is visible but not editable, and internalNotes is completely hidden: 
domainModelTypes:
  UserNeed:
    polarionType: user_need
    properties:
      title:
        readable: true
        updatable: true
      description:
        readable: true
        updatable: true
      severity:
        readable: true
        updatable: true

  SystemRequirement:
    polarionType: sys_req
    properties:
      title:
        readable: true
        updatable: true
      description:
        readable: true
        updatable: true
      severity:
        readable: true
        updatable: false
      internalNotes:
        readable: false
        updatable: false

relationships:
  - from: SystemRequirement
    to: UserNeed
    cardinality: many-to-many
    storage: linkedWorkItems
    linkRole: decomposes
    direct:
      name: userNeeds
    back:
      name: systemRequirements
In the sheet configuration for a review-oriented view, you might further lock down columns: 
isReadOnly: false
columns:
  title:
    title: Title
    hasFocus: true
  description:
    title: Description
  severity:
    title: Severity
    isReadOnly: true
  userNeeds.userNeed:
    title: Linked User Needs
    isReadOnly: true
In this setup:
  • title and description are fully editable
  • severity is visible but cannot be changed (enforced by both updatable: false in the model and isReadOnly: true in the sheet)
  • internalNotes never appears because readable: false prevents it from being loaded
  • The linked user needs column is displayed but cannot be modified in this particular sheet view

Verify Your Configuration

After saving your domain model and sheet configuration changes:
  1. Open the Powersheet page as a regular user (not an administrator)
  2. Verify that columns with updatable: false appear greyed out and reject edits
  3. Verify that properties with readable: false do not appear in the sheet at all
  4. If isReadOnly: true is set on the sheet, confirm that no cells are editable
  5. Check that administration panels respect the document.admin and model.admin permission flags
You should now see restricted properties rendered as non-editable cells and hidden properties completely absent from the sheet view.

See Also