Adding Security Rules
Navigate to a Role
Expand Admin, then expand Settings, then expand Security and click on Roles.
Select the Role
In the list view click on the role you want to add rules for.
Add a Type Permission
In the detail view, in the Type Permissions tab, click New.
If you are changing rules for a pre-existing role, search for the type you want to add rules to.
Assign permissions
- Target Type - the type of item that the rules will apply to
- Read - they can see the list view and navigate to the detail views.
- Write - they can modify and save.
- Create - the New button will be visible to them.
- Delete - they can see the delete button.
Save
Click the Save button.
Here we've given read permission and Navigate permission to contacts, but no other permissions, so users with this role will not be able to edit, create or delete Contacts.
Add an Object Permission
In the Object Permissions tab, click New.
Fields
- Criteria - When this is correct the permissions below take effect. See below for more info.
- Read, Write, Delete and Navigate are the same as above.
- Inherited From - shows the current permissions and where they come from.
- The checkboxes with the dot are inherited, and will keep the permission from the Type Permission above.
- The empty checkboxes will have the permission removed.
- The checked checkboxes will grant that permission.
Criteria
The below criteria is an example - the permissions will take effect when the Owner of the item is themselves.
You can use the Visual tab of this editor to create more basic criteria
Save
When you're done, click Save.
Add a Member Permission
In the Member Permissions tab, click New.
Choose the fields that permissions apply to
- Members - a list of the fields that the permissions will apply to.
- Criteria, Read, Write and Inherited are the same as above.
Here we are allowing Write permission to a Contact's First Name field only.
Members
The members drop list is like a normal list view, as fields are selected they are added to the Members list.
Save
When you're done, click Save.
Rules
In this document we have set up the following rules for Contacts:
- Can always Read the contact.
- Can Always write to the First Name field.
- Can only write to the rest of the Contact fields if the user is the Owner of the Contact.
- Can only delete when they Own that contact.
So for a User with this role, they can edit the entire Contact when they Own that contact...
...but they can only edit the First Name field otherwise.