In the following example we look at how to limit access to a department's records to members of that department. The theory is identical when controlling who can access a record based on a value in the Record Status: (Access) field, or any other field for that matter.
A Vital Records Office decides that while everyone should be able to view all staff records in the Parties module, only members of each department (e.g. Registrations, Accounts, etc.) should be allowed to edit and delete their department's records.
For this example we would need to ensure that:
- Existing records for each
- Permissions are set:
Displayfor group Everyone; andEditandDeletefor members of the group to which the record belongs.-AND-
- The Value in the Department field is set to the name of the relevant department, e.g.
Registrations,Accounts
For instance, any Parties records belonging to group Registrations should have the following permissions and value in the Department field:
Note: Using the Set Record Security batch update tool it is a simple matter to assign these permissions to existing records.
In order for members of group
- The
EditandDeletepermissions.Note: This is necessary because we have removed the
EditandDisplaypermissions from group Everyone (we don't want everyone to be able to edit or delete this record): if the only group added to the Security box is group Everyone, members of groupDisplaypermission. - The value in the Department field must be
Registrations.Note: Although the Set Record Security batch update tool cannot be used to batch update the Department field, the Global Replace tool can.
- As new records are added by members of a group, the appropriate permissions and values are automatically set.
Note: See (Record Level) Security Registry entry for details of how to refine Record Level Security. The Security Registry entries required for this example can be found here.
- Permissions are set: