Record Level Security
When you set up security roles, you can control the specific records that a role can access and what they can do with those records. This is called record level security or row level security.
You can also specify the type of access the role has to a group of records: read only, modify only, add/modify, or full.
Set up record level security on the Record Access tab of .
Record level security works in conjunction with DPS lookups. When a user displays a lookup list, the list includes only those records that the user's role is able to access. The user cannot navigate to any records that they do not have permission to access.
Record level security also works in conjunction with the work breakdown structure and other hierarchical structures in DPS. For example, if a role has access rights to a project (level one of the work breakdown structure), then that role also has access rights to phases (level two) and tasks (level three) of that project. However, if a role only has access to a specific phase of a project, the role can only access tasks within that particular phase.
Examples
For example, a project manager has full access to the Employees and Projects hubs, whereas a project consultant only needs read access to the Projects hub.
In a more complex example, a project manager only has read access to the Opportunities hub records for the state of Missouri.
Access
The Record Access tab of lists all of the DPS application areas. For each application area, you can choose one of the following access levels:
- Read Only: The role can look at records but not add, modify, or delete record information.
- Modify Only: The role can look at records and make modifications to information, but cannot add new records or delete records.
- Add/Modify: The role can look at, modify, and add records, but cannot delete records.
- Full: The role has full rights to the records. This includes the ability to read, add, modify, and delete records.
Record Level View
Click in the Record Level View field to display the lookup for an application area. Use the lookup to enter criteria that define the records that the role can view.
Record Level Update
Click in the Record Level Update field to display the lookup for an application area. Use the lookup to enter criteria that define the records that the role can update.
The choices that you make here must be consistent with the role's access level. For example, if a role has Read Only access rights to an application area, you cannot then give the role update privileges to records in that application area.