I am trying to get an understanding of how granular access permissions are handled in GF. How would the following scenarios be handled:
User1 submits entry 1, 2 and 3 for form 1.
User2 submits entry 4, 5 and 6 for form 1.
How are permissions set-up to allow User1 to only access their submissions (1, 2 and 3), and User2 to only access their submissions (4, 5 and 6)?
Are these access permissions also replicated in the API, where User1 can only access their submissions, for example:
… and User2 can only access theirs, for example:
Hi Andy. The permissions in Gravity Forms are not granular at all. They are for all entries, or all forms, not specific to any specific user. There is an add-on from ForGravity called “Advanced Permissions” which could probably help you out:
Lockdown forms and form entries on a granular level. Blocking or providing access as needed to staff, students, clients, and other users.
If the ForGravity add-on doesn’t provide what you require specific to permissions, or you want something that provides more front-end presentation/control, perhaps either
Gravity View (with it’s Advanced Filtering add-on) or Gravity Flow with its’ inbox and status shortcode/blocks to let you be granular about who sees which entries. As one example, with Gravity Flow and its’ gravityflow_status_filter you can provide more complex logic that uses the same search criteria formats as GFAPI::get_entries.