To help enforce strict security policies, protect sensitive data, and reduce unauthorized changes, you can apply Security compliance. You can use Security compliance to define role-based access rules for forms. These access rules overrule other security role configuration.
For a form and defined roles, you can define:
Access rules at the data source level. Depending on the access level, you can even define field-specific access rules. With a query, you can also base the access rules on specific field values.
Access restrictions at the form control level, like field groups, button groups, or buttons. The defined form controls are disabled on the form.
Steps
Go to Security and compliance > Setup > Security compliance.
Click New.
Define the name of the access rule.
In the Restriction code field, type a value.
Describe the access rule.
In the Description field, type a value.
Select the form to which the access rule applies.
In the Form name field, enter or select a value.
By default, the access rule applies to the roles defined for the access rule.
You can change this to instead apply the access rule to all roles except the defined ones.
Select the All roles except check box.
Sub-task: Define roles.
Define the roles for the access rule.
Click the Roles tab.
Click New.
In the Role field, enter or select a value.
Sub-task: Set data source access rules.
You can define rules on data source level.
Click the Data source tab.Click New.
Select the desired data source of the form where you want to set the rule.
In the Data source field, enter or select a value.
Select the access level for the data source or for selected data source fields. You can choose from these options:
Default: Keep the role’s default access. For example, if the role has Read access to the form, it remains unchanged.
Disable selected: Disable the fields selected in the Data source fields section. The role’s default access applies to all other data source fields.
Disable all except: The role’s default access applies to the fields selected in the Data source fields section. Disable all other data source fields.
Read: Change the role's default access to the selected data source to Read.
Edit: Change the role's default access to the selected data source to Edit.
Create: Change the role's default access to the selected data source to Create.
In the Access level field, select an option.
Note
If a form has several data sources, you can set a different access level for each data source.
If you set up a query, it runs each time a user with a defined role opens the form. To avoid this, you can cache the query results to improve performance.
Select the Cache check box.
Note
To delete cached query results, click Flush cache.
You can control when a security compliance rule applies. You can do so for field-based security compliance configurations.
You can choose one of these options to define to which records the access rule applies:New record: Applies the rule only to newly created records.
Existing record: Applies the rule only to existing records.
Both: Applies the rule to both new and existing records.
In the Record type field, select an option.
Sub-task: Set data source fields.
If the selected access level is Disable selected or Disable all except, select the applicable data source fields.
On the Data source tab, in the upper grid, select a record with access level Disable selected or Disable all except.
In the Data source fields section, click New.
In the Field name field, enter or select a value.
You can set up a query to base the access rules on specific field values.
Click Query.
Click Add and define the query as desired.
Click OK.
Sub-task: Set form control restrictions.
You can restrict access for specific form controls.
Click the Form controls tab.
Click New.
In the Control name field, select the desired form control.
Sub-task: Assign organizations.
You can assign the security compliance setup to all legal entities (default) or to specific legal entities.
Click the Organization assignment tab.
In the Assign organizations field, select an option:
Assign all organizations: Applies the setup to every legal entity. This is the default option.
Assign specific organizations: Applies the setup only to the legal entities that you select.
If you select Assign specific organizations, select the legal entities you want to assign.
In the Select organization hierarchy field, select a value.
You can select:
‘(All legal entities)’: In the Available organization nodes pane, each legal entity is shown separately.
A specific organization hierarchy: In the Available organization nodes pane, the related hierarchy is shown.
The Available organization nodes pane, select a legal entity, and click the add icon to move it to the selected legal entities grid.
Note
Add at least one legal entity to the selected legal entities grid before you save the setup.
The security compliance setup applies only to the legal entities in the selected legal entities grid.
To remove a legal entity, select it in the selected legal entities grid, and click the delete icon.
After you set up the role-based access rule, you can activate it. The rule is then applied when the form is accessed.
Click Activate.