Managing Field Level Security Settings

Users and groups traditionally are given Create, Edit, Read, and Delete permissions to records within Entities in Aptify. If a user is granted Edit permissions, this means that they may edit any field in the record. Granting Read permissions means that users have access to read data contained in any fields in the record. Field Level Security adds another layer of security, allowing administrators to determine who should or should not be able to see or edit specific data points or fields within a record.
Field Level security is implemented at the Entity level, maintained at the Entity Field level, and requires administrative permissions within Aptify for access to the Entities entity and associated sub-entities. With field level security, the ability to read and/or edit specific fields within a record is controlled.

Granting Read permissions within Field Level Security alters how users may use views for the entity. Users granted Read permission to the entity may read any record belonging to that entity. Removing Read permission for one field means that the users may still read any record for that entity, with the exception of that one field. If Field Level Security is configured to remove Read permissions on specific fields, users are not able to view data in those fields either on the records or in a view.

Field level security applies to all users and groups granted Read or Edit permissions to that entity.

 

This topic contains the following sub-topics:

Turning On Field Level Security

Before configuring Field Level Security for an entity, the functionality must first be turned on. This is done at the Entities record.

  1. Open the desired Entities record and select the Security > Options tab.
    • A Field Level Security section appears on the form. 

       Entities Record Security Tab
  2. Select the Field Level Security option.
    • This displays the Field Level Security dialog, which lists all fields defined for the entity.
    • By default, all users and groups that have Read or Edit permissions at the entity level are given Read and Edit permissions for each field. Also, if Allow In Place Editing is selected for the entity, all users and groups that have In Place Edit permissions at the entity level are given In Place Edit permissions for each field.
    • In the examples shown below, In Place Editing is not enabled for the entity so the Allow In Place Edit check boxes are not selected in the Field Level Security dialog.

      Field Level Security Dialog Box
  3. Modify the default Read/Edit permissions, as necessary.
    • Use the Select All and Remove All buttons as necessary to change all of the field settings with one button click.
    • If you remove Edit permissions for a field, the system also automatically clears the the corresponding Allow In Place Edit check box (if it is also selected).
    • For example, if you want all users and groups to have Read access only to the OwnerName field as the Field Level Security starting point, clear the corresponding Edit check box.  
       
      Changing Default Security
  4. Click OK to close the Field Level Security dialog box.
    • A message box displays, informing the user that this will overwrite any existing Field Level Security configuration already in place for the entity. 
  5. Click Yes to return to the Entities record. 

     If you enable Field Level Security and use the default selections in the Field Level Security dialog box (that is, all fields have Read and Edit selected), all users who previously had access to the entity will continue to have the same level of access.

     The Field Level Security option provides the means to automatically configure field security at the current starting point, so that it does not have to be set up manually on each Fields record for the entity. Once Field Level Security is activated, changes can be applied as necessary to individual fields.

  6. Modify the Field Level Security settings for individual fields, as necessary. See Modifying Field Level Security Configurations for details.

    This is an important step, particularly if you removed Read or Edit access for all users and groups within the global Field Level Security dialog.

  7. Save the Entities record.
    • The system updates the appropriate files and creates the necessary Field Level Security records to capture the permission structure at the field level.

Turning Off Field Level Security

If Field Level Security is no longer necessary or desired for an entity, it must be turned off at the Entity level.

  1. Open the Entities record and select the Security > Options tab.
  2. Clear the Field Level Security option.
  3. Save the Entities record.
    • All Field Level Security configuration is removed, and permissions to the record for users and groups default to those set up at the entity level.

Resetting Field Level Security Configurations

Once Field Level Security is turned on for an entity, any additional changes to the security configurations must be done at the Field level. However, the default configuration may be reset for all users and groups with Read, Edit, In Place Edit permissions at the Entity level.

  1. Open the Entities record and select the Security > Options tab.
  2. Click the Field Level Security Defaults button.
    • This displays the default Field Level Security dialog box, which lists all fields in the entity, and by default grants Read, Edit, and In Place Edit (if applicable) permissions to all groups and users that were granted the same permissions at the entity level. 
  3. Modify the default Read/Edit/In Place Edit permissions, as necessary.
    • Any modifications made in this dialog box are applied to all users and groups who have access to the entity, regardless of existing Field Level Security configuration.
    • Use the Select All and Remove All buttons as necessary to change all of the field settings with one button click.
    • If you remove Edit permissions for a field, the system also automatically clears the corresponding Allow In Place Edit check box (if it is also selected).
    • For example, if you want all users and groups to have Read access only to the OwnerName field as the Field Level Security starting point, clear the corresponding Edit check box.

      Changing Default Security
  4. Click OK to close the Field Level Security dialog box.
    • A message box displays, informing the user that this will overwrite any existing Field Level Security configuration already in place for the entity fields. 
  5. Click Yes to return to the Entities record.
  6. Save the Entities record.

Modifying Field Level Security Configurations

Once Field Level Security has been implemented for the entity, security configuration is transferred from the entity level to the field level for reading and/or editing fields in the entity records based on the selections made in the Field Level Security Defaults dialog.

After you have enabled Field Level Security and have set the defaults, you can configure Read, Edit, and In Place Edit access on a field-by-field basis for each User or Group that has access to the entity.

Follow these steps to configure a field's security settings:

  1. Open an Entities record where Field Level Security has been implemented.
  2. From the Fields tab, open a Fields record.
  3. Select the Security tab.
  4. If you want to use In Place Editing in conjunction with Field Level Security, select the Allow In Place Editing option.
    • After selecting this option, select an In Place Edit Security setting:
      • All Users: All users who have edit permissions at the entity level can edit this field directly within a list view.
      • Specified Users/Groups: Only the Groups and Users that have the In Place Edit option selected on the corresponding Group/User Permissions record can edit this field within a list view. 
    • In order to support In Place Editing at the field level, it must also be enabled at the Entity level and the users/groups to whom you grant In Place Editing privileges at the field level must already have In Place Editing privileges at the entity level.
    • The Allow In Place Editing option is not available for virtual fields and other non-updateable field.
    • See Modifying Security Settings for In Place Editing for instructions on how to enable In Place Editing at the entity level.

      Enable In Place Editing at Field Level
  5. Select either the Group Permissions or User Permissions sub-tab.
    • These tabs are only available when Field Level Security is enabled at the entity level (on the Entities record's Security tab).
    • These tabs list permissions for all Users and Groups that originally had a User Permissions or Group Permissions record at the entity level.

      Fields Record Security Tab
  6. Open a Group or User record from the appropriate Permissions tab.
  7. Configure the group's or user's field permissions.
    • Select the Read option to grant the user/group read access to the field. Clear the option to disable the user/group's access to the field.
    • Select the Edit option to grant the user/group edit access to the field. Clear the option to prevent the user/group from editing this field. Note that this selection is only applicable if Read is selected.
    • Select the Edit In Place field to grant the user/group the ability to edit this field in a list view (using the In Place Editing functionality, see Editing Records in Place for details). Note that this selection is only applicable under the following conditions:
      • The Edit option is also selected on the same Permissions record.
      • The Allow In Place Editing option is selected on the field's Security > Options tab and In Place Edit Security is set to Specified Users/Groups. (If set to All Users, then all users with the appropriate security can use In Place Editing for this field, regardless of this check box's setting.)
      • The user/group has Edit In Place privileges at the entity level. 
    • Enter any Comments regarding the field level security settings in the field provided (optional).

      Group Permissions Record
  8. Click OK to close the Permissions record.
  9. Click OK to close the Fields record.
  10. Configure the field permissions for additional groups or users, as necessary.
  11. Save the Entities record.


About the Field Level Security Effects

When Field Level Security is applied to an entity, users accessing records in that entity who are not granted both Read and Edit permissions will see modified views and forms for any records they opened.

Read Permissions Not Granted

If the user is not granted Read permissions to a particular field in an entity, the following restrictions are applied:

Modifications to the View

If the user has been denied Read permission to any fields in an entity, the user can no longer use that field in a view. The restricted fields do not appear in the Fields list when creating new views or updating existing ones.

If a view that contained this field already existed before field level security was applied, the view will fail to load for non-administrative users (system administrators will still see the field in the existing view but not in new views). Note that not all fields may display in this list, depending on how your system administrator has configured the service.

Modifications to the Form

If the user has been denied Read permission to any fields, the behavior of these types of fields on a form, (determined by a system administrator) is one of the following:

  • Field is Hidden: The field is hidden on the form when the user opens a record from the entity. Note that fields on the form will not dynamically adjust their position based on the hidden field. It will be up to a form designer to minimize the visual impact of hiding certain fields on forms (such as fields secured by field level security should appear at the bottom so their absence will not be readily noticed).
  • Field is Visible with Access Denied: The field displays on the form as usual when the user opens a record from that entity. However, the field is grayed out, and the message Access Denied, followed by the field name, replaces any data in that field.

     Read Permissions Denied

All non-restricted fields for that entity appear as normal on the form and can be edited, assuming the user is granted Edit permissions for the fields.

In Aptify, fields in which a user does not have read permissions to are hidden on forms for all services within Aptify. However, an administrator can modify these setting as needed. See Configuring the Show Access Denied Attributes for details.

 

Edit Permissions Not Granted

If Edit permissions are denied through the use of Field Level Security, the following restrictions are applied.

Modifications to the View

No modifications to the user's ability to use this field in a view are applied. Because the user can still read and access the data in the field, it is available for use in views.

Modifications to the Form

If the user has been denied Edit permissions, the fields and their data appear on the form as read-only for both new and existing records. Users may not enter data into that field on a new record, nor may they update the value of the restricted field.


Configuring the Show Access Denied Attributes

By default, if a user is not granted Read permissions to a particular field in an entity, the field is hidden on the form when a user opens a record from the entity. However, there may be cases when having the field visible is more appropriate (though the user would not have access to read the field). Therefore, Aptify allows an administrator to configure the visibility of these types of fields on the global or per-entity basis.

See About the Row Set Security Effects for more information about the show/hide options.

 

By default, any fields in which a user does not have read access to are hidden when opening a form in any service in Aptify. This behavior is controlled by the ShowAccessDeniedFieldDefaultValue attribute found on the Configuration > Attributes tab of the Entities entity.

  • The possible values for this attribute are 0 (hide no-read fields when user opens any form in any service, the default value) and 1 (display no-read fields with Access Denied message when user opens any form in any service).
  • If this attribute does not exist on the Entities entity (or has an invalid value), the value is assumed to be False and all fields within the system that a particular user does not have read permissions to will be hidden when opening records in an effected service.

You can modify this attribute at the global level as necessary based on the system functionality desired. In addition, you can also add the ShowAccessDeniedField attribute to any entity to control the behavior of fields where a user does not have read permissions.

  • The possible values for this attribute are 0 (hide no-read fields when user opens a form in the particular service, the default value) and 1 (display no-read fields with Access Denied message when user opens a form in the particular service).
  • If the ShowAccessDeniedField attribute exists for an entity, then that behavior specified within the attribute will be used. If an attribute does not exist for an entity (or has an invalid value), the global show/hide behavior setting will be used.

 

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.