diff --git a/g3w-admin/core/api/base/views.py b/g3w-admin/core/api/base/views.py
index 3f2194717..d779c7b34 100644
--- a/g3w-admin/core/api/base/views.py
+++ b/g3w-admin/core/api/base/views.py
@@ -428,6 +428,18 @@ def response_config_mode(self, request):
             'fields': fields,
         }
 
+        # Filter fields by user
+        if self.request.user:
+            visiblefields = self.layer.visible_fields_for_user(self.request.user)
+            if len(visiblefields) != len(vector_params['fields']):
+                newfields = []
+                for f in vector_params['fields']:
+                    if f['name'] in visiblefields:
+                        newfields.append(f)
+
+                if newfields:
+                    vector_params['fields'] = newfields
+
         # post_create_maplayerattributes signal
         post_create_maplayerattributes.send(
             self, layer=self.layer, vector_params=vector_params)
diff --git a/g3w-admin/qdjango/tests/test_column_acl.py b/g3w-admin/qdjango/tests/test_column_acl.py
index 315269ee3..d4a5c6cad 100644
--- a/g3w-admin/qdjango/tests/test_column_acl.py
+++ b/g3w-admin/qdjango/tests/test_column_acl.py
@@ -288,6 +288,22 @@ def test_vector_api(self):
         self.assertIsNotNone(record['AREA'])
         self.assertIsNotNone(record['SOURCETHM'])
 
+        # Test for /api/vector/config
+        response = self._testApiCallAdmin01(
+            'core-vector-api', [
+                'config',
+                'qdjango',
+                self.world.project.pk,
+                self.world.qgis_layer.id()])
+
+        resp = json.loads(response.content)
+
+        fields = [f['name'] for f in resp['vector']['fields']]
+
+        self.assertTrue('AREA' in fields)
+        self.assertTrue('SOURCETHM' in fields)
+
+
         acl = ColumnAcl(layer=self.world, user=self.test_user1,
                         restricted_fields=['AREA', 'SOURCETHM'])
         acl.save()
@@ -306,6 +322,21 @@ def test_vector_api(self):
         self.assertIsNone(record['AREA'])
         self.assertIsNone(record['SOURCETHM'])
 
+        # Test for /api/vector/config
+        response = self._testApiCallAdmin01(
+            'core-vector-api', [
+                'config',
+                'qdjango',
+                self.world.project.pk,
+                self.world.qgis_layer.id()])
+
+        resp = json.loads(response.content)
+
+        fields = [f['name'] for f in resp['vector']['fields']]
+
+        self.assertFalse('AREA' in fields)
+        self.assertFalse('SOURCETHM' in fields)
+
         # Test for download API
         # -------------------------------------------------