Configuring Manual Permissions for a Record Permissions Field

The manual permissions model allows your users to select users and groups in the field. You define which users or groups are available for selection in the field, and you define the level of record access that should be granted to that user or group. You can also define rules that control the level of permissions the selected users and groups receive based on record content.

Important: You must enter full screen on the Record window to set some of these features. Click Enter full screen to enter full screen. Click Exit Fullscreen to exit full screen.

On this page

Task 1: Select the users and groups that should be available for selection

  1. From your application, go to Designer tab > Layout tab > Objects panel > Your Field > Properties panel.
  2. In the Permission Model field, select Manual.
  3. In the Field Population section, click Add image.
  4. From the Available list, select the users and groups that you want to be available for selection in the record permissions field and click Apply.
  5. In the Users/Groups field, select the applicable level of access that you want each user and group to have to the record.

    By default, all users and groups selected in a record permissions field have read access to their assigned records. Click the applicable checkbox for update, delete, or both.

    You must also select a default user or group that is used when users add new records. If you want the default section to be the record creator, select Default to to the record creator's groups.

    When working with groups, you can include the sub-groups of a selected group in the list of available values for the record permissions field. To include a sub-group, select Cascade for the group in the Users/Groups field.

    Note: When a user interacts with the record permissions field while adding or editing a record, the user can select the parent-level group, individual, or both sub-groups nested under the parent group. If a user selects only the parent group, record access is not granted to members of sub-groups. Only individual users who are members of the selected parent group have access to the record.

  6. If you want to only display groups in the field for which the user is a member, select Display groups that contain the user.
  7. If you want to exclude inactive users from being populated in the field, select Exclude Inactive Users.
  8. Click Saveto save your changes.

Task 2: Add selection rules for changing the access level of the record permissions field

A selection rule consists of 1 or more data conditions to watch for within application records and specific permissions the users or groups selected in the record permissions field should have if the specified conditions are met.

You can create multiple rules for dynamically modifying rights based on record content. When you configure multiple rules, the user is granted the highest rights allowed by the rules. For example, you have 1 rule that gives the selected user read-only rights and another rule that gives the selected user read and update rights. If both rules prove true, the user has read and update rights.

Make sure that at least 1 user has rights to a record by adding a default user or group. When none of the rule conditions are true, rights are granted to the default user or group.

  1. In the Rules section, click Add image.
  2. In the Rule information section, enter a rule name and a description.
  3. In the Permissions field, select the applicable Read, Update, or Delete permissions.
  4. In the Conditions field, do the following to create 1 or more rules:
    1. In the Field Name list, select the field to evaluate for 1 or more specific values.
    2. In the Operator list, select the filter operator.
    3. In the Value(s) field, enter a value or click Elipsis to select the values for the condition.
    4. To save your changes, click Apply.
  5. In the Field Population section, click Add image.
  6. Do 1 or both of the following to select the users and groups:
    • To add a group, from the dropdown, select Groups and click the Group or Groups that you want to add.
    • To add users, from the dropdown, select Users, and click the users that you want to add.

      Note: To search for a specific role, enter the role name in the Find field and, if applicable, select the type from the adjacent list. Click Search. The results of your search appear in the Available list in the Search Results node.

  7. Click Apply.

  8. Select the privileges for each user and group.
  9. From the Users/Groups list, click Default to define a user or group as the default selection for the field.
  10. (Optional) Click Cascade to include the sub-groups of a selected group.
  11. Click Save to save your changes.

Updating Permissions

A modification to the rights granted by a manual record permissions field does not automatically apply to existing records, only to new records added after the change. In order to apply the change to existing records, you must update the field and save the records. The following procedure updates the field for all records.

  1. To update your existing records, run an advanced search that includes only the application key field and the manual permissions field.
  2. Export the results to a CSV file.
  3. Run a data import on the CSV file.