Skip to main content
Swifty
Back to Blog
filters lists permissions scoping

Locked Filters for Pre-Scoped Lists

Swifty Team Mar 14, 2026 3 min read

Sometimes a list should always show a specific subset of data, without users being able to see outside that scope. A support team's task list should only show tickets from their assigned region. A partner portal should only show that partner's own orders. An embedded sub-list on a detail page should only show records related to the parent record, never the full collection.

Locked filters implement these permanent constraints.

What a Locked Filter Does

A locked filter is a filter that applies to a list and cannot be removed, modified, or circumvented by the user. It operates beneath any user-applied filters — user filters narrow the locked scope further; they can't expand beyond it.

Locked filters are invisible to users who don't have builder access. From the user's perspective, the list simply shows the relevant data. The filter constraint is an infrastructure detail, not something they interact with.

Configuration in the Builder

Locked filters are set in the list component's configuration, in a separate "Locked Filters" section distinct from the user-facing filter controls. Add a filter, set the field, set the value, mark it as locked. Users will never see a way to clear this filter.

Multiple locked filters can be applied to a single list. All of them apply simultaneously and are all non-removable.

Dynamic Locked Filters

Locked filter values can be dynamic. A sub-list on a customer detail page might have a locked filter of "customer = {current record ID}" — the filter references the parent record's ID dynamically. Every instance of this list on a different customer record applies the right ID without separate configuration.

Similarly, "assigned to current user" as a locked filter creates a list that always shows the current user's own records, regardless of who's viewing it.

Security Implications

Locked filters are a UX constraint, not a security boundary. A determined user with direct API access might be able to retrieve data outside the locked scope. For data that needs true access control — where certain users must never see certain records — use role-based permissions, which operate at the data access layer.

Locked filters are the right tool for directing users toward relevant data and preventing accidental navigation into irrelevant data — not for enforcing information security.

Common Use Cases

  • Related records sub-lists (always scoped to the parent record)
  • Team-specific views (scoped by assignee or team field)
  • Status-scoped lists (an "Active" list that always excludes archived records)
  • Partner or customer portals (scoped to the viewing organization's data)
  • Role-specific dashboards (scoped to data relevant to a specific function)

Related posts

Composed Data Sources

Chain and relate data sources for rich dashboards — compose complex data views from simpler sources without writing code.

Computed Expressions

Transform data with template expressions and built-in functions — format, combine, and derive values from your data without code.

Cross-Source Data Joins

Combine data from multiple sources in one view — join records from your database with data from external services using a shared key.