When working with Record Level Security it is important to keep in mind that users inherit permissions from the groups to which they belong. A simple illustration may suffice (see below for more details).
As the name suggests, all users are members of group Everyone. Let us give Everyone permission to Edit this record:
Now when we check the permissions of the Admin group we see that not only is the Display permission grEdit:
Note:
If your objective is to remove permissions for a user / group and you find that a permission you wish to remove is gr
Greater detail: users inherit permissions from groups
For this demonstration of how users inherit permissions from the groups to which they belong, the default group Everyone is given the Display permission for a record:
When user gerard is added to the Security box he inherits the Display permission (which is therefore gr
Note: Technically, the minimum permission a user / group has is the Display permission (a user / group added to the Security box will always already have the Display permission by virtue of being added to the Security box).
User gerard can be given both Edit and Delete permissions (as they are not inherited from group Everyone in this example). In this case we only want to give user gerard the Edit permission, but not Delete:
User gerard is also a member of group Edit and Delete permissions:
User gerard inherits permissions from all groups to which he belongs when those groups are added to the Security box, and now we see that he has the Delete permission which we did not want him to have:
If we only wanted user gerard to have Edit permissions but wanted other members of group Edit and Delete, one solution would be to remove user gerard from group
Note: If you wish to restrict access to a record, be sure to remove group Everyone from the Security box.