Currently the only restriction to access Custom Lists is via a Role but this is applied to all Custom Lists. The following open enhancement exists asking for this:
Enhancement 161800: Customization > Custom Lists > Request the ability for List Level Restrictions (via an Access tab) Permissions based on Role.
An Alternate Solution is to convert the Custom List into a Custom Record Type and use the Custom Record Type Permissions to control the Roles and the level of access that users should have to the list.
Step to accomplish this are:
1. Navigate to Customization > Lists, Records, & Fields > Lists.
- Click on the Custom List in question
Check off Convert to Custom Record
Press Save. This converts the list in to a Custom Record Type
Note: This cannot be undone.
- The list name becomes the name of the Custom Record Type
The list values become Custom Record Entries
2. Navigate to Customization > Lists, Records, & Fields > Record Types.
- Click on Custom Record Type created above
In the header set Access Type = Use Permission List
Under Permissions tab
Add all the Roles that should have access to this Custom Record Type
Set Level = View for the Roles that should only be able to select from the existing list and access the open button to see the list record but not be able to make changes to it
Set Level = Full for the Roles that should have full rights to this list (i.e. add/edit/delete)
Note: Roles that should only be able to select from the list do not need to be added as users are already treated as Level = NONE, which means users do not see the open button next to the field on the entity form but users are able to select from the list.
- Click Save
3. If a Custom Field calling the original Custom List (now a Custom Record Type) already exists proceed to the record (i.e. Entity/Transaction) that references this Custom Field to confirm the field is visible.
Note: The owner of the Custom Record Type are able to see the Open/Add/Edit buttons regardless of the Role users are using.
4. If point 3 passes, then proceed to have users with each of the Roles added in Point 2 confirm users are seeing the restrictions that have been setup when accessing the Custom Field that links to the list.