How to refine Record Level Security by specifying conditional criteria

It is possible to control the access (display, edit and delete) that users and groups have to individual records based on the value in a field.

For example, an institution decides that while everyone should be able to view all staff records in the Parties module, only managers should be able to edit and delete staff records. We would need to ensure that:

  • Existing staff records are updated with the appropriate values:
    • Permissions are set: Display for group Everyone; and Edit and Delete for members of group Managers:

      [Screenshots: Display only; Permissions for Managers]

      Tip: You could use the Set Record Security batch update tool to assign these Security permissions to existing records.

      -AND-

    • The value in the Department field is set to Managers.

      Tip: The Global Replace tool could be used to batch update the value in the Department field.

      Staff records should have the following Security permissions and value in the Department field:

      [Screenshot: Conditional security]

  • As new staff records are added, the appropriate permissions and values are automatically set.

See the (Record Level) Security Registry entry for details about how these security settings are configured.
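
After a batch update it is worth confirming that every existing staff record actually ended up with the permissions and Department value described above. The following is an added example, not part of the original documentation or of the product: it audits a set of exported records, and the dictionary layout, key names and sample records are assumptions constructed for illustration.

```python
# Added example: audit staff records against the policy described on this page.
# The record layout and key names are hypothetical, not the product's column names.
EXPECTED_DEPARTMENT = "Managers"

def audit_record(rec):
    """Return the policy deviations for one staff record (empty list = compliant)."""
    problems = []
    # Everyone must be able to view the record.
    if "Everyone" not in set(rec.get("display", [])):
        problems.append("group Everyone lacks Display")
    # Only Managers may edit or delete it.
    for perm in ("edit", "delete"):
        groups = set(rec.get(perm, []))
        label = perm.capitalize()
        if "Managers" not in groups:
            problems.append(f"group Managers lacks {label}")
        extra = sorted(groups - {"Managers"})
        if extra:
            problems.append(f"{label} also granted to: {', '.join(extra)}")
    # The conditional field must carry the expected value.
    if rec.get("department") != EXPECTED_DEPARTMENT:
        problems.append(
            f"Department is {rec.get('department')!r}, expected {EXPECTED_DEPARTMENT!r}"
        )
    return problems

def audit(records):
    """Map record id -> deviations, listing non-compliant records only."""
    report = {}
    for rec in records:
        problems = audit_record(rec)
        if problems:
            report[rec["id"]] = problems
    return report

# Constructed sample data: one compliant record and two that the batch update missed.
SAMPLE = [
    {"id": 101, "department": "Managers", "display": ["Everyone"],
     "edit": ["Managers"], "delete": ["Managers"]},
    {"id": 102, "department": "Managers", "display": ["Everyone"],
     "edit": ["Everyone", "Managers"], "delete": ["Managers"]},
    {"id": 103, "department": None, "display": ["Managers"],
     "edit": ["Managers"], "delete": []},
]

if __name__ == "__main__":
    for record_id, problems in audit(SAMPLE).items():
        print(record_id, "; ".join(problems))
```

Record 102 shows the case that is easiest to miss: the record looks correct for Managers, but Edit is still granted to Everyone.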