Use permission conditions

Restrict what users can access based on specific criteria like ownership, assignment, or data values.

Use permission conditions

What are permission conditions?

Permission conditions add granular rules on top of standard role permissions. While a role permission controls whether a user can view submissions, a permission condition controls which submissions they can view.

For example, you might give a Manager role the ability to view all submissions, but use a permission condition to restrict a Department Lead role to only see submissions from their department.


Add a permission condition

  1. Go to Organization and click Roles.

  2. Click the role you want to modify.

  3. Find the permission you want to restrict (for example, Accounts → View).

  4. Click Add Condition next to the permission.

  5. Select the condition type and configure the criteria.

  6. Click Save.

Conditions narrow access - they never expand it. A condition on the Accounts View permission means the user can only see Accounts that match the condition, not all Accounts plus the ones that match.

Image

Condition types

The available conditions depend on the permission category. The tables below list condition types and where they apply.

Tag-based conditions like "tag equals" and "tag matches account tag" require selecting from existing tags rather than free-typing. This helps users ensure their tags match correctly. *

Tag Values are still case-sensitive. They must match exactly, like "HR" instead of "Human Resources."

Accounts conditions

Adding Conditions to Account Permissions allows you to limit access to certain accounts based on Tag Values.

Condition Effect
Tag Matches Value Grant permissions to accounts with the Tag Name and Tag Value.
Tag Does Not Match Value Exclude permissions to accounts with the Tag Name and Tag Value.

Account conditions will apply to all areas where accounts are referenced, such as the Assign To action in submissions.

Forms conditions

Adding Conditions to Form Permissions allows you to specify which forms a user role can access.

Condition Effect
Form Is One Of Grant permissions to specific forms.
Form Is Not One Of Exclude permissions to specific forms. Unlisted forms will still be accessible based on other permissions.
Tag Matches Value Grant permissions to specific forms based on Tag Names and Tag Values.
Tag Does Not Match Value Exclude permissions to specific forms based on Tag Names and Tag Values.

Form Conditions apply to the Forms page only, not to submission actions.

Submissions conditions

Submissions Conditions enable more detailed access control for user roles. Default permissions allow users to see their submissions and assignments. Consider adding alternative permissions if these are removed.

Condition Effect
Assigned to Active Account Grant permissions to submissions assigned to users with active accounts. Deactivated accounts will not have visible assignments under this condition.
Form Is One Of Grant permissions to submissions from specific forms.
Form Is Not One Of Exclude permissions to submissions from specific forms.
Submitted By Active Account Grant permissions to submissions made by users with active accounts. Deactivated accounts will not have visible submissions under this condition.
Tag Matches Value Grant permissions to submissions based on Tag Names and Tag Values.
Tag Does Not Match Value Exclude permissions to submissions based on Tag Names and Tag Values.
Tag In Range Control submissions permissions based on a range, such as budget thresholds or quantity limits. For example, set a range to allow access to reimbursement submissions over $10,000.

Your Implementation Consultant will help set up these tags in forms. Contact Droplet Support if you're interested in setting this condition.

Packets conditions

Packet conditions limit access to specific packet templates, controlling what packet submissions users can view or manage.

Condition Effect
Packet Is One Of Grant permissions to the selected packets.
Packet Is Not One Of Exclude permissions to the selected packets.

Packet conditions include all submissions within selected packets.

Dataset conditions

Dataset Permissions control access to the datasets behind forms. Grant permissions selectively to safeguard data integrity and workflow accuracy.

Condition Effect
Dataset Is One Of Grant permissions to specific datasets.
Dataset Is Not One Of Exclude permissions to specific datasets.
Tag Matches Value Grant permissions based on dataset tags. Tag Values need to match exactly.

TipCombine multiple conditions on the same permission by adding more than one. Conditions are evaluated using OR logic - the user can access items that match any of the conditions.

Last reviewed by Lindsay Miceli and published on June 16, 2026 12PM ET