Whereas security keys control access to functionality within the application, this security access is limited to menu items. To help protect the system at a more granular level, it is important to set up security for table and field access.
All tables and fields are available in the security system, and access can be set up individually for each user group working within a company or domain without affecting other user groups. Table and field access is configured when you set security keys (Administration > Setup > Security > User group permissions on the Permissions tab).
The following graphic shows how to access and configure table and field access from the User group permissions window.
User group access to a table is defined by several factors:
- The table rights defined for the user group within the domain or company.
- The table’s security key and the user group’s security key rights within the domain or company with regard to the table.
- The setting of the MaxAccessMode table property.
The MaxAccessMode property affects only access through the user interface. Code can still access the table, even if the MaxAccessMode is set to No access.
These factors are used for the calculation of a user group’s permissions to each table in the application.
The following chart shows how table rights are calculated during startup. Tables have two properties: Configuration key and Security key.
Like user group table access, user group access to a field is defined by several factors:
- The field rights defined for the user group within the domain.
- The field’s security key and the user group’s security key rights within the domain for the field.
- The setting of the Visible field property.
- The setting of the AllowEdit field property.
These factors are used for the calculation of a user group’s permissions to each field in the application. The calculation is performed during startup.
The following chart shows how field rights are calculated during startup.
After the user group’s access to a field has been calculated, this access is compared to the one defined for the table. A user group’s access to a field can never exceed the group’s access to the table that the field belongs to. The final field access becomes the lesser of the field and table rights.