Admin vs. User Column Visibility Settings in TableCrafter

Updated July 2026 • 6 min read • By Fahad Murtaza • By Fahad Murtaza

TableCrafter table builder, connect Gravity Forms, Google Sheets, Airtable, CSV, or JSON data sources
TableCrafter table builder, connect Gravity Forms, Google Sheets, Airtable, CSV, or JSON data sources

Column visibility in TableCrafter gives you granular control over what data different users see in your tables, from hiding sensitive internal fields from end users, to letting individual users personalize which columns they want on screen. This guide walks through both layers of visibility control, how they interact, and how to configure them correctly for your use case. WordPress powers 43% of all websites globally (W3Techs, July 2026), and TableCrafter bridges the gap between the data you collect and the tables your users need to see, no custom PHP, no dashboard access required for viewers. The free version on WordPress.org supports CSV, JSON, Google Sheets, and Excel. Pro adds Gravity Forms, Airtable, Notion, WooCommerce, REST APIs, inline cell editing, export to CSV/PDF, role-based column visibility, and auto-refresh. Every table embeds on any page with a [tablecrafter] shortcode or the native Gutenberg block. Over 60,000 plugins are available on the WordPress.org plugin directory (WordPress.org, 2026).

How Does Two Distinct Layers of Visibility Control Work?

TableCrafter separates column visibility into two independent concepts that work at different levels:

Important: Admin-defined visibility restrictions are enforced on the server. The column visibility picker only affects columns the user already has permission to access, it cannot be used to reveal restricted columns.

Both layers are Pro features. The free tier renders all configured columns to all users with no per-role filtering or user-facing picker controls.

This step completes the connection between your data source and the TableCrafter table engine. Once saved, the plugin caches the connection credentials in the WordPress options table and uses them on every subsequent page load. If you update the source configuration later — for example, rotating an API key or changing a sheet URL — return to this step, enter the new value, and save again. The table updates immediately on next load without any shortcode changes.

How Does Admin-Defined Column Restrictions (Role-Based Permissions) Work?

The primary visibility gate lives in the table builder under TableCrafter → Tables → Edit. Each column card in the builder exposes a Visible to roles setting. When you restrict a column to specific WordPress roles, TableCrafter strips that column from the query response for any user whose role is not on the allowlist.

This is enforced inside the AJAX handler that serves table data at wp-admin/admin-ajax.php. The handler runs a capability check against the current user before building the column set, columns the user cannot see are never included in the JSON payload sent to the browser.

Configuring role-based column visibility

  1. Go to TableCrafter → Tables and open the table you want to configure.
  2. In the column list, click the column you want to restrict.
  3. Under Permissions, locate the Visible to roles multi-select.
  4. Select every role that should see this column. Leave it empty to inherit the table-level default (visible to all roles that can view the table).
  5. Save the table. Changes take effect immediately, no cache flush needed for role-restricted columns.
Tip: Combine column-level role restrictions with table-level role restrictions. The table-level setting controls who can access the table at all; the column-level setting controls what they see inside it. Both layers respect the same WordPress role system.

Common use cases

How Does User-Controlled Column Visibility Picker Work?

Pro When enabled, the column visibility picker renders a small toggle panel above the table, often represented by a columns icon or a "Columns" button depending on your theme. Users click it to check or uncheck individual columns from their view.

This preference is stored per-user in the browser (localStorage by default) so their choice persists across page loads without requiring a database write per interaction. Because it is a client-side preference layer, it only operates on columns that were already delivered in the server response, a user cannot toggle on a column they do not have permission to see.

Enabling the column visibility picker

The picker is toggled at the table level, not globally. To enable it:

[tablecrafter id="12" column_picker="true"]

All three shortcode aliases support the same attribute:

[tablecrafter id="12" column_picker="true"]
[tablecrafter id="12" column_picker="true"]
[tablecrafter id="12" column_picker="true"]

You can also enable it from the table builder UI under Display Options → Show column visibility picker, which writes the same setting to the table configuration record.

Setting default column visibility for users

You can pre-configure which columns appear visible by default when a user visits the table for the first time (before they have saved a personal preference). In the column builder, each column has a Visible by default toggle. Deselecting it means the column is hidden in the picker on first load but remains accessible, the user can turn it on whenever they want.

Note: "Visible by default" and role-based restrictions are independent settings. A column hidden by default is still retrievable by the user. A column restricted by role is never retrievable by that role, regardless of the default visibility toggle.

How the Two Layers Interact?

The interaction is straightforward once you understand the order of operations:

  1. Server filters first. When a table loads, the AJAX handler builds the permitted column set for the current user based on role restrictions. Restricted columns are excluded from the response entirely.
  2. Client renders the permitted set. The JavaScript receives only the columns the user is allowed to see and renders the table accordingly.
  3. Picker operates on the rendered set. If the column picker is enabled, the user can then toggle visibility within the permitted set. They cannot add back columns that were excluded in step 1.

This means role-based restrictions are a hard security boundary, while the picker is a UX convenience layer on top.

Security reminder: Never rely on the column visibility picker alone to protect sensitive data. Always configure role-based column restrictions for any field containing personally identifiable information, financial data, or internal business data. The picker is a display tool, not an access control mechanism.

How Does Practical Configuration Example Work?

Consider a load-tracking table used by both administrators and drivers. Administrators need to see the internal cost-per-mile column and the raw entry ID; drivers should only see their assigned loads and delivery status.

// Shortcode on the driver-facing page
[tablecrafter id="5" column_picker="true"]

// Shortcode on the admin-facing page (same table, different page, same config)
[tablecrafter id="5" column_picker="true"]

In the table builder, the column configuration would look like this:

With this setup, a driver who visits the page receives a JSON payload containing only the first three columns. The cost per mile and entry ID never leave the server for that request. An administrator sees all six columns, with the entry ID hidden by default but available via the column picker.

How Do I Troubleshoot Visibility Issues?

If a column is not appearing as expected, work through these checks in order:

Debugging tip: With WP_DEBUG enabled, TableCrafter logs column permission decisions to the PHP error log. Search for [TableCrafter] entries to trace exactly which columns were stripped for a given user and why.

Frequently Asked Questions

How Does Two Distinct Layers of Visibility Control Work?

TableCrafter separates column visibility into two independent concepts that work at different levels:

What is Admin vs. User Column Visibility Settings in TableCrafter?

Admin vs. User Column Visibility Settings in TableCrafter is a capability provided by TableCrafter, a WordPress plugin that displays data from Gravity Forms, Google Sheets, Airtable, Notion, REST APIs, CSV, JSON, and WooCommerce as interactive, searchable, sortable frontend tables, without writing code.

Does this require PHP or developer skills?

No. TableCrafter is configured entirely through the WordPress admin interface. You choose your data source, map fields to columns, and set display preferences using point-and-click controls. Embedding uses the [tablecrafter] shortcode or the native Gutenberg block.

Is the free version sufficient or do I need Pro?

The free plugin on WordPress.org supports CSV, JSON, Google Sheets, and Excel sources with unlimited tables, rows, and columns. Pro adds Gravity Forms, Airtable, Notion, WooCommerce, REST API sources, inline cell editing, bulk row actions, export to CSV and PDF, role-based column visibility, and auto-refresh every N seconds.

Ready to try it?

TableCrafter is free on WordPress.org. Pro unlocks inline editing, role-based permissions, and advanced data sources.