Important: Record Level Security permissions

To change Record Level Security settings for a record, a user must possess the typical Operations permissions that allow for editing of records (e.g. daEdit): without the daEdit permission, a user cannot edit records.

Two other conditions must also be met, however. The user must possess (or be a member of a group that possesses) the following:

  • The daSecurity permission.
  • The Record Level Security Edit permission for the record: the Edit checkbox on a record's Security tab must be ticked.

Without these two permissions, Record Level Security options on a record's Security tab will be uneditable.

It is worth reiterating that Record Level Security permissions are additional to the base operations permissions. Possessing the Record Level Security Edit permission to a record is not sufficient to be able to edit the record. The user must possess the daEdit permission in the first instance.

It is also important to keep in mind that users inherit permissions from the groups to which they belong.

Users inherit permissions from groups

First, a simple illustration. As the name suggests, all users are members of group Everyone. Let us give Everyone permission to Edit this record:

Security tab

Now, when we check the permissions for the Admin group, we find that not only is the Display permission uneditable, but so is Edit.

To remove the Edit permission from group Admin, we would first need to remove it from group Everyone.

Tip: If your objective is to remove permissions for a user / group and you find that a permission is uneditable, the user / group probably inherited the permission from another group added to the Security box.
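
The rules described above can be modelled in a few lines. This is an added illustration, not EMu code: the function names, the sample users (alice, bob, carol) and the data layout are hypothetical, and it assumes every user and group is implicitly a member of Everyone.

```python
# Illustrative model of the rules on this page; not EMu code.
# Only daEdit, daSecurity, Display, Edit, Everyone and Admin come from the page.
EVERYONE = "Everyone"

def groups_of(principal, memberships):
    """Groups a user or group belongs to; Everyone is implicit (assumption)."""
    groups = set(memberships.get(principal, ()))
    if principal != EVERYONE:
        groups.add(EVERYONE)
    return groups

def held(principal, grants, memberships):
    """Permissions granted to a principal directly or through its groups."""
    perms = set(grants.get(principal, ()))
    for group in groups_of(principal, memberships):
        perms |= set(grants.get(group, ()))
    return perms

def inherited_from(principal, perm, record_acl, memberships):
    """Groups in the record's Security box that pass perm down to principal.
    A non-empty result is why the checkbox is uneditable for that principal."""
    return sorted(g for g in groups_of(principal, memberships)
                  if perm in record_acl.get(g, ()))

def can_edit_record(user, ops, record_acl, memberships):
    # Record Level Security Edit is additional to daEdit, never a substitute.
    return ("daEdit" in held(user, ops, memberships)
            and "Edit" in held(user, record_acl, memberships))

def can_edit_rls(user, ops, record_acl, memberships):
    # Changing the Security tab needs daEdit, daSecurity and record-level Edit.
    return (can_edit_record(user, ops, record_acl, memberships)
            and "daSecurity" in held(user, ops, memberships))

# Constructed sample data: Operations permissions and one record's Security box.
MEMBERSHIPS = {"alice": {"Admin"}, "bob": set(), "carol": set()}
OPS = {"Admin": {"daEdit", "daSecurity"}, "bob": {"daEdit"}}
RECORD_ACL = {"Everyone": {"Display", "Edit"}, "Admin": {"Display", "Edit"}}

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user,
              can_edit_record(user, OPS, RECORD_ACL, MEMBERSHIPS),
              can_edit_rls(user, OPS, RECORD_ACL, MEMBERSHIPS))
    print(inherited_from("Admin", "Edit", RECORD_ACL, MEMBERSHIPS))
```

In this model carol holds record-level Edit through Everyone but cannot edit the record because she lacks daEdit, and Admin's Edit entry stays locked until Edit is removed from Everyone.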