Configuring Automatic Permissions for a Record Permissions Field

Assign record-level access automatically based on 1 or more rules and appears as a read-only field to your users.

On this page

Rule-driven selection method

Use the rule-driven selection method to configure automatic assignment of record-level access.

  • When configuring a field using this method, define 1 or more rules for assigning record access based on data conditions within a record.
  • When creating a rule for assigning record-level access, create 1 or more conditions for rule fulfillment. A condition consists of a field to evaluate and 1 or more values to watch for in that field.

After defining 1 or more conditions for rule fulfillment, select the users and groups who have access to records in which the specified conditions are met. When selecting users and groups, you can also specify whether those users and groups have read-only access to their assigned records or whether they have update and delete access.

When using the rule-driven selection method, you must also select 1 or more default users or groups who have access to records in which none of the rules are met. You can also specify whether those users and groups have read-only access to their assigned records or whether they have update and delete access.

Permissions are recalculated for individual records each time a value changes that causes a new rule to prove true. In addition, record permissions are recalculated for the entire application if any 1 of the following occurs:

  • A new automatic selection record permissions field is created or activated in an application.
  • A permissions rule is added, deleted, or updated in an active record permissions field.
  • An inactive automatic selection record permissions field is activated.
  • A record permissions field that is configured with the manual selection method is reconfigured to use the automatic selection method.

Selection rules for automatic permissions

Automatic selection rules of the record permissions field applies to the Manual or Automatic permission models. A selection rule consists of 1 or more data conditions to watch for within application records and specific permissions the users or groups selected in the record permissions field should have if the specified conditions are met.

You can create multiple rules for dynamically modifying rights based on record content. When you configure multiple rules, the user is granted the highest rights allowed by the rules.

For example, you have 1 rule that gives the selected user read-only rights and another rule that gives the selected user read and update rights. If both rules prove true, the user has read and update rights.

If you add multiple rules, the user is granted the highest rights allowed by the rules. Make sure that at least 1 user has rights to a record by adding a default user or group. When none of the rule conditions are true, rights are granted to the default user or group.

By default, all users and groups selected in a record permissions field have read access to their assigned records. Click the applicable checkbox for update, delete, or both.

You must also select a default user or group that is used when users add new records. The default section can be the record creator or for any selected group or user.

When working with groups, you can include the sub-groups of a selected group in the list of available values for the record permissions field. To include a sub-group, select Cascade for the group in the Users/Groups list.

Note: When you select the Cascade option for a group that contains sub-groups, those sub-groups are available for selection in the Record Permissions field. When a user interacts with the record permissions field while adding or editing a record, the user can select the parent-level group, individual, or both sub-groups nested under the parent group. If a user selects only the parent group, record access is not granted to members of sub-groups. Only individual users who are members of the selected parent group have access to the record.

Task 1: Select the permissions model

  1. From your application, go to Designer tab > Layout tab > Objects panel > Your Field > Properties panel.
  2. In the Permission Model field, select Automatic.
  3. Click Saveto save your changes.

Task 2: Add selection rules for changing the access level of the record permissions field

  1. In the Rules section, click Add.
  2. In the Rule Information section, enter a rule name and a description.
  3. In the Conditions field, do the following to create 1 or more rules:
    1. In the Field Name list, select the field to evaluate for 1 or more specific values.
    2. In the Operator list, select the filter operator.
    3. In the Value(s) field, enter a value or click Elipsis to select the values for the condition.
    4. To save your changes, click Apply.
  4. In the Users/Groups Permissions section, click Add image.
  5. Do 1 or both of the following to select the users and groups:
    • To add a group, from the dropdown, select Groups and click the Group or Groups that you want to add.
    • To add users, from the dropdown, select Users and click the users that you want to add.

      Note: To search for a specific role, enter the role name in the Find field and, if applicable, select the type from the adjacent list. Click Search. The results of your search appear in the Available list in the Search Results node.

  6. Click Apply.

  7. Select the privileges for each user and group.
  8. From the Users/Groups list, select Default to define a user or group as the default selection for the field.
  9. (Optional) Click Cascade to include the sub-groups of a selected group.
  10. Click Save to save your changes.

Task 3: Add default users and groups to the record permissions field

Complete this task to assign 1 or more users and groups who are granted record permissions by default if none of the rules that you specified are met.

  1. In the Default Users/Groups section, click Add image.
  2. Do 1 or both of the following to select the users and groups:
    • To add a group, in the dropdown, select Groups, and click the Group or Groups that you want to add.
    • To add users, in the dropdown, select Users, and click the users that you want to add.

    To search for a specific role, enter the role name in the Search field and, if applicable, select the type from the adjacent list. Click Search. The results of your search are displayed in the Available list in the Search Results node.

  3. Click Apply.
  4. Select the permissions you want to assign to the user or group.
  5. Click Save to save your changes.