Manage security compliance

To help enforce strict security policies, protect sensitive data, and reduce unauthorized changes, you can apply Security compliance. You can use Security compliance to define role-based access rules for forms. These access rules overrule other security role configuration.

For a form and defined roles, you can define:

Access rules at the data source level. Depending on the access level, you can even define field-specific access rules. With a query, you can also base the access rules on specific field values.
Access restrictions at the form control level, like field groups, button groups, or buttons. The defined form controls are disabled on the form.

Standard procedure

1.	Go to Security and compliance > Setup > Security compliance.
2.	Click New.
3.	Define the name of the access rule.
	In the Restriction code field, type a value.
4.	Describe the access rule.
	In the Description field, type a value.
5.	Select the form to which the access rule applies.
	In the Form name field, enter or select a value.
6.	By default, the access rule applies to the roles defined for the access rule. You can change this to instead apply the access rule to all roles except the defined ones.
	Select the All roles except check box.
7.	Sub-task: Define roles.
7.1	Define the roles for the access rule.
	Click the Roles tab.
7.2	Click New.
7.3	In the Role field, enter or select a value.
8.	Click the Data source tab.
9.	Sub-task: Set data source access rules.
9.1	You can define rules on data source level.
	Click New.
9.2	Select the desired data source of the form where you want to set the rule.
	In the Data source field, enter or select a value.
9.3	Select the access level for the data source or for selected data source fields. You can choose from these options: Default: Keep the role’s default access. For example, if the role has Read access to the form, it remains unchanged. Disable selected: Disable the fields selected in the Data source fields section. The role’s default access applies to all other data source fields. Disable all except: The role’s default access applies to the fields selected in the Data source fields section. Disable all other data source fields. Read: Change the role's default access to the selected data source to Read. Edit: Change the role's default access to the selected data source to Edit. Create: Change the role's default access to the selected data source to Create.
	In the Access level field, select an option.
	Note: If a form has several data sources, you can set a different access level for each data source.
9.4	If the selected access level is 'Disable selected' or 'Disable all except', select the applicable data source fields.
	In the Data source fields section, click New.
9.5	In the Field name field, enter or select a value.
9.6	You can set up a query to base the access rules on specific field values.
	Click Query.
9.7	Click Add and define the query as desired.
9.8	Click OK.
9.9	If you set up a query, it runs each time a user with a defined role opens the form. To avoid this, you can cache the query results to improve performance.
	Select the Cache check box.
	Note: To delete cached query results, click Flush cache.
10.	Sub-task: Set form control restrictions.
10.1	You can restrict access for specific form controls.
	Click the Form controls tab.
10.2	Click New.
10.3	In the Control name field, select the desired form control.
11.	Click the Overview tab.
12.	After you set up the role-based access rule, you can activate it. The rule is then applied when the form is accessed.
	Click Activate.