In the following example we look at how to limit access to a department's records to members of that department. The theory is identical when controlling who can access a record based on a value in the Record Status: (Access) field, or any other field for that matter.
A museum decides that while all curators should be able to view every record in the Catalog
For this example we would need to ensure that:
- Existing records for each
- Permissions are set:
Displayfor group Everyone; andEditandDeletefor members of the group to which the record belongs.-AND-
- The Value in the Department field is set to the name of the relevant department, e.g.
Fine Arts,Ceramics
For instance, any Catalog
Note: Using the Set Record Security batch update tool it is a simple matter to assign these permissions to existing records.
In order for members of group
- The
EditandDeletepermissions.Note: This is necessary because we have removed the
EditandDisplaypermissions from group Everyone (we don't want everyone to be able to edit or delete this record): if the only group added to the Security box is group Everyone, members of groupDisplaypermission. - The value in the Department field must be
Fine Arts.Note: Although the Set Record Security batch update tool cannot be used to batch update the Department field, the Global Replace tool can.
- As new records are added by members of a group, the appropriate permissions and values are automatically set.
Note: See (Record Level) Security Registry entry for details of how to refine Record Level Security. The Security Registry entries required for this example can be found here.
- Permissions are set: