Admin vs. User Column Visibility Settings in TableCrafter

Updated July 2026 • 6 min read • By Fahad Murtaza • By Fahad Murtaza

TableCrafter table builder, connect Gravity Forms, Google Sheets, Airtable, CSV, or JSON data sources
TableCrafter table builder, connect Gravity Forms, Google Sheets, Airtable, CSV, or JSON data sources

Column visibility in TableCrafter gives you granular control over what data different users see in your tables, from hiding sensitive internal fields from end users, to letting individual users personalize which columns they want on screen. This guide walks through both layers of visibility control, how they interact, and how to configure them correctly for your use case. WordPress powers 43% of all websites globally (W3Techs, July 2026), and TableCrafter bridges the gap between the data you collect and the tables your users need to see, no custom PHP, no dashboard access required for viewers. The free version on WordPress.org supports CSV, JSON, Google Sheets, and Excel. Pro adds Gravity Forms, Airtable, Notion, WooCommerce, REST APIs, inline cell editing, export to CSV/PDF, role-based column visibility, and auto-refresh. Every table embeds on any page with a [tablecrafter] shortcode or the native Gutenberg block. Over 60,000 plugins are available on the WordPress.org plugin directory (WordPress.org, 2026).

How Does Two Distinct Layers of Visibility Control Work?

TableCrafter separates column visibility into two independent concepts that work at different levels:

Important: Admin-defined visibility restrictions are enforced on the server. The column visibility picker only affects columns the user already has permission to access, it cannot be used to reveal restricted columns.

Both layers are Pro features. The free tier renders all configured columns to all users with no per-role filtering or user-facing picker controls.

This step completes the connection between your data source and the TableCrafter table engine. Once saved, the plugin caches the connection credentials in the WordPress options table and uses them on every subsequent page load. If you update the source configuration later - for example, rotating an API key or changing a sheet URL - return to this step, enter the new value, and save again. The table updates immediately on next load without any shortcode changes.

How Does Admin-Defined Column Restrictions (Role-Based Permissions) Work?

The primary visibility gate lives in the table builder under TableCrafter → Tables → Edit. Each column card in the builder exposes a Visible to roles setting. When you restrict a column to specific WordPress roles, TableCrafter strips that column from the query response for any user whose role is not on the allowlist.

This is enforced inside the AJAX handler that serves table data at wp-admin/admin-ajax.php. The handler runs a capability check against the current user before building the column set, columns the user cannot see are never included in the JSON payload sent to the browser.

Configuring role-based column visibility

  1. Go to TableCrafter → Tables and open the table you want to configure.
  2. In the column list, click the column you want to restrict.
  3. Under Permissions, locate the Visible to roles multi-select.
  4. Select every role that should see this column. Leave it empty to inherit the table-level default (visible to all roles that can view the table).
  5. Save the table. Changes take effect immediately, no cache flush needed for role-restricted columns.
Tip: Combine column-level role restrictions with table-level role restrictions. The table-level setting controls who can access the table at all; the column-level setting controls what they see inside it. Both layers respect the same WordPress role system.

Common use cases

The most practical applications of role-based column visibility fall into three categories: protecting sensitive financial or operational data from non-administrative roles; separating personally identifiable information from shared tables where multiple users of the same role can see each other's entries; and reducing visual complexity for end-user roles by stripping columns that are only meaningful to administrators. In each case, the goal is to ensure the data delivered to the browser contains only what the user is authorized to see, not merely what they are expected to look at. Column-level restrictions enforce this server-side so that no client-side workaround can reveal hidden columns.

How Does User-Controlled Column Visibility Picker Work?

Pro When enabled, the column visibility picker renders a small toggle panel above the table, often represented by a columns icon or a "Columns" button depending on your theme. Users click it to check or uncheck individual columns from their view.

This preference is stored per-user in the browser (localStorage by default) so their choice persists across page loads without requiring a database write per interaction. Because it is a client-side preference layer, it only operates on columns that were already delivered in the server response, a user cannot toggle on a column they do not have permission to see.

Enabling the column visibility picker

The column visibility picker is a toggle panel that renders above the table header, listing every column the current user is permitted to see (based on their role) and letting them check or uncheck individual columns from their view. The user's preference is stored in the browser's localStorage, so it persists across page reloads on the same device without requiring a database write per interaction. Because the picker operates only on columns already present in the server's AJAX response, it functions as a personalization tool rather than a security mechanism - a user cannot use the picker to reveal a column that was stripped server-side due to a role restriction. The picker is configured per table, not globally, which lets you enable it on tables where personalization is useful and leave it off on tables with fixed layouts where users should not control column order.

[tablecrafter id="12" column_picker="true"]

You can also enable it from the table builder UI under Display Options → Show column visibility picker, which writes the same setting to the table configuration record.

Setting default column visibility for users

You can pre-configure which columns appear visible by default when a user visits the table for the first time (before they have saved a personal preference). In the column builder, each column has a Visible by default toggle. Deselecting it means the column is hidden in the picker on first load but remains accessible, the user can turn it on whenever they want.

Note: "Visible by default" and role-based restrictions are independent settings. A column hidden by default is still retrievable by the user. A column restricted by role is never retrievable by that role, regardless of the default visibility toggle.

How the Two Layers Interact?

The interaction is straightforward once you understand the order of operations:

  1. Server filters first. When a table loads, the AJAX handler builds the permitted column set for the current user based on role restrictions. Restricted columns are excluded from the response entirely.
  2. Client renders the permitted set. The JavaScript receives only the columns the user is allowed to see and renders the table accordingly.
  3. Picker operates on the rendered set. If the column picker is enabled, the user can then toggle visibility within the permitted set. They cannot add back columns that were excluded in step 1.

This means role-based restrictions are a hard security boundary, while the picker is a UX convenience layer on top.

Security reminder: Never rely on the column visibility picker alone to protect sensitive data. Always configure role-based column restrictions for any field containing personally identifiable information, financial data, or internal business data. The picker is a display tool, not an access control mechanism.

Practical configuration example

Consider a load-tracking table used by both administrators and drivers. Administrators need to see the internal cost-per-mile column and the raw entry ID; drivers should only see their assigned loads and delivery status.

// Shortcode on the driver-facing page
[tablecrafter id="5" column_picker="true"]

// Shortcode on the admin-facing page (same table, different page, same config)
[tablecrafter id="5" column_picker="true"]

In the table builder, the column configuration would look like this:

With this setup, a driver who visits the page receives a JSON payload containing only the first three columns. The cost per mile and entry ID never leave the server for that request. An administrator sees all six columns, with the entry ID hidden by default but available via the column picker.

How Do I Troubleshoot Visibility Issues?

If a column is not appearing as expected, work through these checks in order:

Debugging tip: With WP_DEBUG enabled, TableCrafter logs column permission decisions to the PHP error log. Search for [TableCrafter] entries to trace exactly which columns were stripped for a given user and why.

Frequently Asked Questions

How Does Two Distinct Layers of Visibility Control Work?

TableCrafter separates column visibility into two independent layers. The first is admin-defined and enforced server-side: columns restricted to specific WordPress roles are stripped from the AJAX response before data reaches the browser, so no client-side workaround can reveal them. The second is user-controlled: a frontend picker lets users show or hide columns they are already permitted to see, with their preference stored in localStorage. Role restrictions are a security boundary enforced at the server; the picker is a UX personalization layer. The two layers do not conflict - role restrictions always take precedence. Both layers are Pro features.

What is Admin vs. User Column Visibility Settings in TableCrafter?

Admin vs. User Column Visibility Settings in TableCrafter is a capability provided by TableCrafter, a WordPress plugin that displays data from Gravity Forms, Google Sheets, Airtable, Notion, REST APIs, CSV, JSON, and WooCommerce as interactive, searchable, sortable frontend tables, without writing code.

Does this require PHP or developer skills?

No. TableCrafter is configured entirely through the WordPress admin interface. You choose your data source, map fields to columns, and set display preferences using point-and-click controls. Embedding uses the [tablecrafter] shortcode or the native Gutenberg block.

Is the free version sufficient or do I need Pro?

The free plugin on WordPress.org supports CSV, JSON, Google Sheets, and Excel sources with unlimited tables, rows, and columns. Pro adds Gravity Forms, Airtable, Notion, WooCommerce, REST API sources, inline cell editing, bulk row actions, export to CSV and PDF, role-based column visibility, and auto-refresh every N seconds.

Ready to try it?

TableCrafter is free on WordPress.org. Pro unlocks inline editing, role-based permissions, and advanced data sources.