The gform_signature_url_permission_granted filter can be used to perform custom logic to determine if the signature URL will allow access to the file.


The following would apply to all forms.

add_filter( 'gform_signature_url_permission_granted', 'your_function_name', 10, 3 );


  • $permission_granted bool

    Does the user have permission to access the signature? Default is the result of the hash validation.

  • $form_id int

    The ID of the form used to create the requested signature.

  • $field_id int

    The ID of the field used to create the requested signature.


Require the user to have administrative capabilities

The following example shows how you can restrict access to only those users who have permission to activate plugins, but only when the hash has passed validation.

add_filter( 'gform_signature_url_permission_granted', function( $permission_granted, $form_id, $field_id ) {
	return $permission_granted && current_user_can( 'activate_plugins' );
}, 10, 3 );


This code should be placed in the functions.php file of your active theme or a custom functions plugin.


This filter was added in version 4.0.

Source Code

This filter is located in GF_Signature_Image::is_permission_granted() in includes/class-gf-signature-image.php.