# Form fields

## Overview

You can control access to specific form fields based on the current user's roles.

## Using and accessing roles

The `$fr-roles` XPath variable can be used in formulas controlling whether a field or section is visible or readonly. `$fr-roles` contains the list (as an XPath sequence) of roles of the current user, if any. Each role is represented as a string.

You can make a control non-visible to the current user by defining a *visibility* expression that returns `false()`. If the control is visible, you can make it readonly to the current user by defining a *readonly* expression that returns `true()`.

## Examples

The following "Visibility" expression makes a section visible only if one of the roles has value `admin`:

```xpath
fr:user-roles() = 'admin'
```

Due to the logic of XPath comparison on sequences, this expression returns `true()` if at least one of the roles is `admin`, even if there are other roles available.

*NOTE: Until Orbeon Forms 2016.1, use the following instead.*

```xpath
$fr-roles = 'admin'
```

## See also

* [Setup users for access control](/form-runner/access-control/users.md) - How to set up Orbeon Forms so that users and roles are provided.
* [Login & Logout](/form-runner/access-control/login-logout.md) - Optional user menu for providing links to login and logout functions.
* [Access control for deployed forms](/form-runner/access-control/deployed-forms.md) - How to control access to deployed forms.
* [Access control for editing forms](/form-runner/access-control/editing-forms.md) - How to control access to Form Builder.
  * [Owner and group member permissions](/form-runner/access-control/owner-group.md) - Access based on ownership and groups.
  * [Organization-based permissions](/form-runner/access-control/organization.md) - Access based on organizational structure.
  * [Token-based permissions](/form-runner/access-control/tokens.md) - Token-based permissions
* [Scenarios](/form-runner/access-control/scenarios.md)


