Prevent column from being returned unless queried with Master Key


I would like to prevent a column from being returned unless queried with the Master Key.
Is there a way to do this?


You want to return everything else in the row except the content of a single column.

Depending on the answer to the above.

  1. To lock down the entire entry then you can use ACL on the whole class or even single entries if you want fine grain control.

  2. If you need to return everything except this columns data then you’ll have to use Cloud Code to perform the master key checking and then strip out that columns data if it’s not present. You should only be using the master key in cloud code anyway as it’s not advisable for it to be anywhere near the client side.


You can use also BeforeFind trigger:

Hope this will help you :slight_smile:

PS this would have been a great question for our stack overflow tag ‘parse-platform’ as it gets great seo and is likely to help other people who ask a similar question in the future…


New in 2.3 is the ability to do just this via configuration without any code!

(although @pivanov’s answer is perfectly valid, it does require code that you’ll have to test)

It isn’t documented yet, so we’ll get on that.

Add to your config the following key:

protectedFields: {
  ClassToProtect: { 
     '*': ['fieldToProtect', 'anotherFieldToProtect'],
     'role:Administrator': [] },
  AnotherClassToProtect: {
     '*': ['fieldToProtect'],

In the example above (which I did not test, but is very close but may have a typo):

ClassToProtect will have two fields protected: fieldToProtect & anotherFieldToProtect which means that they will not be returned in any queries.

but users in the role Administrator will get them.

master key will always get all fields back.

the protect fields spec and personally identifiable information spec have more examples.

PS: anyone who wants to take on adding this to the guides … :).