In Master Data v1, it is possible to create data entities with different access restrictions for each field:
- Make readable without credentials
- Allow editing without credentials
- Allow filtering without credentials
Depending on the data stored, public access without authentication can pose a risk to your business. To enforce authentication and restrict public access to fields containing sensitive data, follow the instructions below.
1. In the VTEX Admin, go to Store Settings > Storefront > Master Data.
2. In Master Data, click Applications.
3. Click the gear next to Profile System.
4. In Settings, click Data structure.
5. Click the Data Entities tab.
6. In the data entity row, click the edit button.
7. Click the gear icon in the row of a field that contains confidential data.
8. Uncheck the following options:
   - Make readable without credentials
   - Allow editing without credentials
   - Allow filtering without credentials
9. Click Save.
10. In the row of the changed data entity, click the Publish button to publish the saved settings.
11. Click OK.
Required permissions
After following the previous instructions, it is mandatory to have a role with the necessary permissions to access the following information:
- At least one resource from the Generic resources category in the Master Data product: READONLY_USER_CRM, POWER_USER_CRM, NOREMOVE_USER_CRM, or ADMIN_CRM.
- At least one resource from the Dynamic storage generic resources category in the Dynamic Storage product: READONLY_USER_DS, NOREMOVE_USER_DS, POWER_USER_DS, or ADMIN_DS.