Help with protectedFields on the _User class

Hi everyone,
I have a question about the usage of protectedFields in the _User class.
I want to have some fields that are only available for the User, not for anyone else.
How could this be done without creating an extra class to store those fields?
Kinda like the old sensitiveUserFields.

You need to pass something like this protectedFields: { _User: { '*': ['phone'] } } when initializing Parse Server.

Thanks for the answer.
It worked!
Here is my code in case anyone needs something similar.

protectedFields: {
  _User: {
    "*": ["email", "privatePhone", "emailVerified", "birthday"],
    "role:generalAdmins": [],
    "role:generalModerators": [],
    "role:userAdmins": [],
    "role:userModerators": []
  Files: {
    "*": ["metadata"],
    "role:generalAdmins": [],
    "role:generalModerators": [],
    "role:filesAdmins": [],
    "role:filesModerators": []

Hi @davimacedo . What’s protected fields? İ recently updated my dashboard to 2.1.0 and protected fields are new. They didn’t exist in previous dashboard version. What do they do?

By looking at the name, i think it prevents some field to be fetched.

Like if I add email field to protected fields, does parse server removes email before sending it to client. I’m currently doing it by converting user to json then delete email field.

Can you clarify?

There is still no documentation about it, but here you have an example by @davimacedo on how to use it.

It does what you think, it makes the rows you choose invisible for the general public, you can also specify roles that you want to be able to read it.
You can also give the user set on a pointer specific protectedFields with “userField:someField”:
More information here:

1 Like

Thank you for the examples. Does protected fields work against masker key? İ moved all my logic to cloud code and using master key in every query.

Master key by passes the protected fields rules.

1 Like

Thank you…

Is there any way to make a protectedField on the User class that not even the user is able to see it?
For example a column called is isBanned, only available with the master key, so the user can not change his status or see it.

You can place this field on a separate class with a pointer to the _User class.